EasyManua.ls Logo

HPE FlexFabric 5940 SERIES

HPE FlexFabric 5940 SERIES
571 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
75
802.1X authentication procedures
802.1X authentication has two methods: EAP relay and EAP termination. You choose either mode
depending on support of the RADIUS server for EAP packets and EAP authentication methods.
EAP relay mode.
EAP relay is defined in IEEE 802.1X. In this mode, the network device uses EAPOR packets to
send authentication information to the RADIUS server, as shown in Figure 28.
Figure 28
EAP relay
In EAP relay mode, the client must use the same authentication method as the RADIUS server.
On the access device, you only need to use the dot1x authentication-method eap command
to enable EAP relay.
EAP termination mode.
As shown in Figure 29, the ac
cess device performs the following operations in EAP termination
mode:
a. Terminates the EAP packets received from the client.
b. Encapsulates the client authentication information in standard RADIUS packets.
c. Uses PAP or CHAP to authenticate to the RADIUS server.
Figure 29 EAP termination
Comparing EAP relay and EAP termination
Packet exchange
method
Benefits Limitations
EAP relay
Supports various EAP
authentication methods.
The configuration and
processing are simple on the
access device.
The RADIUS server must support the
EAP-Message and
Message-Authenticator attributes, and
the EAP authentication method used by
the client.
EAP termination
Works with any RADIUS server
that supports PAP or CHAP
authentication.
Supports only the following EAP
authentication methods:
{ MD5-Challenge EAP
authentication.
{ The username and password
EAP authentication initiated by
an HPE iNode 802.1X client.

Table of Contents

Other manuals for HPE FlexFabric 5940 SERIES

Related product manuals