352
Comparing EAP relay and EAP termination
When configuring EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets.
• The authentication methods supported by the 802.1X client and the RADIUS server.
• If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an HP iNode 802.1X client, you can use both EAP termination and EAP
relay. To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay.
Packet exchan
Limitations
EAP relay
• Supports various EAP
authentication methods.
• The configuration and processing is
simple on the network access
device.
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes,
and the EAP authentication method
used by the client.
EAP termination
Works with any RADIUS server that
supports PAP or CHAP authentication.
• Supports only MD5-Challenge
EAP authentication and the
"username + password" EAP
authentication initiated by an HP
iNode 802.1X client.
• The processing is complex on the
network access device.
EAP relay
Figure 325 shows the basic 802.1X authentication procedure in EAP relay mode, assuming that
EAP-MD5 is used.
To Next Page
Loading...
