1-9Figure 1-9 802.1x authentication procedure (in EAP terminating mode)SupplicantsystemPAEAuthenticatorsystem PAE RADIUS serverEAPOL RADIUSEAPOL- StartEAP- Request /IdentityEAP- Response/IdentityEAP- Request/ MD5 ChallengeEAP- SuccessEAP- Response/MD5 ChallengeRADIUS Access-Request( CHAP- Response/MD5 Challenge)RADIUS Access- Accept( CHAP-Success)PortauthorizedHandshake timerHandshake request[EAP- Request/Identity]Handshake response[EAP- Response/Identity]EAPOL- Logoff......PortunauthorizedThe authentication procedure in EAP terminating mode is the same as that in the EAP relaymode except that the randomly-generated key in the EAP terminating mode is generated bythe switch, and that it is the switch that sends the user name, the randomly-generated key,and the supplicant system-encrypted password to the RADIUS server for furtherauthentication.Timers Used in 802.1xIn 802.1 x authentication, the following timers are used to ensure that the supplicantsystem, the switch, and the RADIUS server interact in an orderly way.z Handshake timer (handshake-period). This timer sets the handshake period and istriggered after a supplicant system passes the authentication. It sets the interval for aswitch to send handshake request packets to online users. You can set the maximumnumber of transmission attempts by using the dot1x retry command. An online userwill be considered offline when the switch has not received any response packets afterthe maximum number of handshake request transmission attempts is reached.z Quiet-period timer (quiet-period). This timer sets the quiet-period. When a supplicantsystem fails to pass the authentication, the switch quiets for the set period (set by thequiet-period timer) before it processes another authentication request re-initiated by