Operation Manual – 802.1xH3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration1-4terminated at the authenticator system PAE. The authenticator system PAE thencommunicates with the RADIUS server through PAP (password authenticationprotocol) or CHAP (challenge-handshake authentication protocol) packets.z When a supplicant system passes authentication, the authentication serverpasses the information about the supplicant system to the authenticator system.Then the authenticator system determines the state (authorized or unauthorized)of the controlled port according to the instruction (accept or reject) received fromthe RADIUS server.1.1.3 EAPoL EncapsulationI. EAPoL packet formatEAPoL is a packet encapsulation format defined in 802.1x. It is designed to transmitEAP protocol packets between suppliant systems and authenticator systems overLANs. The following figure illustrates the format of an EAPoL packet.PAE Ethernet type Protocol version Length0 2 3 4Packet body6 NTypePAE Ethernet type Protocol version Length0 2 3 4Packet body6 NTypeFigure 1-3 The format of an EAPoL packetIn an EAPoL packet:z The PAE Ethernet type field holds protocol type, with 0x888E being 802.1x.z The Protocol version field holds the version of the protocol supported by thesender of EAPoL packets.z The Type field can be one of the following:EAP-Packet (00): a packet used to carry authentication information;EAPoL-Start (01): a packet used to initiate authentication;EAPoL-Logoff (02): a packet used to send logging off request;EAPoL-Key (03): a packet used to carry key information;EAPoL-Encapsulated-ASF-Alert (04): a packet used to support the alertingmessages of alerting standards forum (ASF).z The Length field indicates the size of the Packet body field. A value of 0 indicatesthat the Packet body field does not exist.z The Packet body field varies with the Type field.Note that EAPoL-Start, EAPoL-Logoff, and EAPoL-Key packets are only transmittedbetween the supplicant system and the authenticator system. EAP-packets areencapsulated by the RADIUS protocol to traverse through complicated networks andsuccessfully reach the authentication server. Network management-related information(such as alarming information) is encapsulated in EAPoL-Encapsulated-ASF-Alertpackets, which are terminated by the authenticator system.