EasyManuals Logo

H3C S3600 Series User Manual

H3C S3600 Series
966 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #459 background imageLoading...
Page #459 background image
Operation Manual – 802.1x
H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1
802.1x Configuration
1-9
Supplicant
system
Switch
RADIUS server
EAPOL RADIUS
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/MD5 Challenge
EAP-Success
EAP-Response/MD5 Challenge
RADIUS Access-Reque
(CHAP-Response/MD5 Chal
st
lenge)
RADIUS Access-Acce
(CHAP-Success)
pt
Port acc ept ed
Hands hake ti mer ti me out
Hands hake request pac ket
[EAP-Request/Identity]
Hands hake reply pac ket
[EAP-Response/Identity]
EAPOL-Logoff
......
Port rejected
Supplicant
system
Switch
RADIUS server
EAPOL RADIUS
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/MD5 Challenge
EAP-Success
EAP-Response/MD5 Challenge
RADIUS Access-Reque
(CHAP-Response/MD5 Chal
st
lenge)
RADIUS Access-Acce
(CHAP-Success)
pt
Port acc ept ed
Hands hake ti mer ti me out
Hands hake request pac ket
[EAP-Request/Identity]
Hands hake reply pac ket
[EAP-Response/Identity]
EAPOL-Logoff
......
Port rejected
Supplicant
system
Switch
RADIUS server
EAPOL RADIUS
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/MD5 Challenge
EAP-Success
EAP-Response/MD5 Challenge
RADIUS Access-Reque
(CHAP-Response/MD5 Chal
st
lenge)
RADIUS Access-Acce
(CHAP-Success)
pt
Port acc ept ed
Hands hake ti mer ti me out
Hands hake request pac ket
[EAP-Request/Identity]
Hands hake reply pac ket
[EAP-Response/Identity]
EAPOL-Logoff
......
Port rejected
Figure 1-9 802.1x authentication procedure (in EAP terminating mode)
The authentication procedure in EAP terminating mode is the same as that in the EAP
relay mode except that the randomly-generated key in the EAP terminating mode is
generated by the switch, and that it is the switch that sends the user name, the
randomly-generated key, and the supplicant system-encrypted password to the
RADIUS server for further authentication.
1.1.5 Timers Used in 802.1x
In 802.1 x authentication, the following timers are used to ensure that the supplicant
system, the switch, and the RADIUS server interact in an orderly way.
z Handshake timer (handshake-period). This timer sets the handshake-period and
is triggered after a supplicant system passes the authentication. It sets the interval
for a switch to send handshake request packets to online users. If you set the
number of retries to N by using the dot1x retry command, an online user is

Table of Contents

Other manuals for H3C S3600 Series

Preview: Command Manual
Command Manual1277 pages
Preview: Installation Manual
Installation Manual98 pages
Preview: Datasheet
Datasheet10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S3600 Series and is the answer not in the manual?

H3C S3600 Series Specifications

General IconGeneral
BrandH3C
ModelS3600 Series
CategorySwitch
LanguageEnglish

Related product manuals