1-5An EAP packet of the type of Request or Response has a Data field in the format shown in Figure 1-5.The Type field indicates the EAP authentication type. A value of 1 represents Identity, indicating that thepacket is for querying the identity of the client. A value of 4 represents MD5-Challenge, whichcorresponds closely to the PPP CHAP protocol.Figure 1-5 Format of the Data field in an EAP request/response packetz Identifier: Used to match request and response messages.z Length: Length of the EAP packet, including the Code, Identifier, Length, and Data fields, in bytes.z Data: Content of the EAP packet. This field is zero or more bytes and its format is determined bythe Code field.EAP over RADIUSTwo attributes of RADIUS are intended for supporting EAP authentication: EAP-Message andMessage-Authenticator. For information about RADIUS packet format, refer to AAA Configuration.EAP-MessageThe EAP-Message attribute is used to encapsulate EAP packets. Figure 1-6 shows its encapsulationformat. The value of the Type field is 79. The String field can be up to 253 bytes. If the EAP packet islonger than 253 bytes, it can be fragmented and encapsulated into multiple EAP-Message attributes.Figure 1-6 Encapsulation format of the EAP-Message attribute0 15Type String7LengthNEAP packetsMessage-AuthenticatorFigure 1-7 shows the encapsulation format of the Message-Authenticator attribute. TheMessage-Authenticator attribute is used to prevent access requests from being snooped during EAPauthentication. It must be included in any packet with the EAP-Message attribute; otherwise, the packetwill be considered invalid and get discarded.Figure 1-7 Encapsulation format of the Message-Authenticator attribute802.1X Authentication Triggering802.1X authentication can be initiated by either a client or the device.