Operation Manual – 802.1x-HABP-MAC AuthenticationH3C S3610&S5510 Series Ethernet Switches Chapter 1 802.1x Configuration1-8Supplicant systemPAERADUISserverEAPOL EAPOREAPOL-StartEAP -Request / IdentityEAP - Response /IdentityEAP -Request /MD5 challengeEAP-SuccessEAP -Response/MD5 challengeRADIUS Access- Request(EAP- Response/Identity )RADIUS Access-Challenge( EAP- Request/ MD5 challenge)RADIUS Access-Accept(EAP- Success)RADIUS Access-Request( EAP- Response/ MD5 challenge)Port authorizedHandshake timerHandshake request[ EAP- Request /Identity ]Handshake response[ EAP- Response/ Identity ]EAPOL- Logoff......Port unauthorizedAuthenticator systemPAEFigure 1-8 Message exchange in EAP relay mode1) When a user launches the 802.1x client software and enters the registeredusername and password, the 802.1x client software generates an EAPOL-Startframe and sends it to the authenticator to initiate an authentication process.2) Upon receiving the EAPOL-Start frame, the authenticator responds with anEAP-Request/Identity packet for the username of the supplicant.3) When the supplicant receives the EAP-Request/Identity packet, it encapsulatesthe username in an EAP-Response/Identity packet and sends the packet to theauthenticator.4) Upon receiving the EAP-Response/Identity packet, the authenticator relays thepacket in a RADIUS Access-Request packet to the authentication server.5) When receiving the RADIUS Access-Request packet, the RADIUS servercompares the identify information against its user information table to obtain thecorresponding password information. Then, it encrypts the password informationusing a randomly generated challenge, and sends the challenge informationthrough a RADIUS Access-Challenge packet to the authenticator.
