802.1x Overview 719
Figure 213 EAP packet format
■ Code: Type of the EAP packet, which can be Request, Response, Success, or
Failure.
An EAP packet of the type of Success or Failure has no Data field, and has a length
of 4.
An EAP packet of the type of Request or Response has a Data field in the format
shown in Figure 214. The Type field indicates the EAP authentication type. A value
of 1 represents Identity, indicating that the packet is for querying the identity of
the supplicant. A value of 4 represents MD5-Challenge, which corresponds closely
to the PPP CHAP protocol.
Figure 214 Format of the Data field in an EAP request/response packet
■ Identifier: Allows matching of responses with requests.
■ Length: Length of the EAP packet, including the Code, Identifier, Length, and
Data fields, in bytes.
■ Data: Content of the EAP packet. This field is zero or more bytes and its format
is determined by the Code field.
EAP Encapsulation over
RADIUS
Two attributes of RADIUS are intended for supporting EAP authentication:
EAP-Message and Message-Authenticator. For information about RADIUS packet
format, refer to “Configuring RADIUS” on page 765.
EAP-Message
The EAP-Message attribute is used to encapsulate EAP packets. Figure 215 shows
its encapsulation format. The value of the Type field is 79. The String field can be
up to 253 bytes. If the EAP packet is longer than 253 bytes, it can be fragmented
and encapsulated into multiple EAP-Message attributes.
Figure 215 Encapsulation format of the EAP-Message attribute
015
Code
Data
Length
7
Identifier
2
4
N
0N
Type Type data
7
015
Type String
7
Length
N
EAP packets
To Next Page
Loading...
