63the authentication server does not support the multicast address, you must use an 802.1X client (forexample, the H3C iNode 802.1X client) that can send broadcast EAPOL-Start packets.Access device as the initiatorThe access device initiates authentication, if a client cannot send EAPOL-Start packets. One example isthe 802.1X client available with Windows XP.The access device supports the following modes:• Multicast trigger mode—The access device multicasts Identity EAP-Request packets periodically(every 30 seconds by default) to initiate 802.1X authentication.• Unicast trigger mode—Upon receiving a frame with the source MAC address not in the MACaddress table, the access device sends an Identity EAP-Request packet out of the receiving port tothe unknown MAC address. It retransmits the packet if no response has been received within acertain time interval.802.1X authentication procedures802.1X authentication provides two methods: EAP relay and EAP termination. You choose either modedepending on support of the RADIUS server for EAP packets and EAP authentication methods.• EAP relay mode:EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to sendauthentication information to the RADIUS server, as shown in Figure 27.Figure 27 EAP relayIn EAP relay mode, the client must use the same authentication method as the RADIUS server. Onthe network access device, you only need to use the dot1x authentication-method eap commandto enable EAP relay.• EAP termination mode:In EAP termination mode, the network access device terminates the EAP packets received from theclient, encapsulates the client authentication information in standard RADIUS packets, and usesPAP or CHAP to authenticate to the RADIUS server, as shown in Figure 28.Figure 28 EAP termination