Operation Manual – 802.1x-HABP-MAC AuthenticationH3C S3610&S5510 Series Ethernet Switches Chapter 1 802.1x Configuration1-10EAPOL RADIUSEAPOL- StartEAP- Resquest / IdentityEAP- Response / IdentityEAP - Request / MD5 challengeEAP- Response / MD5 challengeRADIUS Access - Request(CHAP- Response / MD 5 challenge)RADIUS Access- Accept(CHAP- Success)Port authorizedHandshake timer......Port unauthorizedSupplicant systemPAEAuthenticator systemPAERADUISserverEAP- SuccessHandshake request[ EAP- Request / Identity ]Handshake response[ EAP- Response / Identity]EAPOL- LogoffFigure 1-9 Message exchange in EAP termination modeDifferent from the authentication process in EAP relay mode, it is the authenticator thatgenerates the random challenge for encrypting the user password information in EAPtermination authentication process. Consequently, the authenticator sends thechallenge together with the username and encrypted password information from thesupplicant to the RADIUS server for authentication.1.1.6 802.1x TimersSeveral timers are used in the 802.1x authentication process to guarantee that thesupplicants, the authenticators, and the RADIUS server interact with each other in areasonable manner. The following are the major 802.1x timers:z Username request timeout timer (tx-period): This timer is used in two cases, one iswhen an authenticator retransmits an EAP-Request/Identity frame and the other is
