LevelOne ProCon GSW-2496 User Manual
Page 126

118
The Fig. 3-55 shows the procedure of 802.1X authentication. There are steps
for the login based on 802.1X port access control management. The protocol used 
in the right side is EAPOL and the left side is EAP. 
1.
At the initial stage, the supplicant A is unauthenticated and a port 
on switch acting as an authenticator is in unauthorized state. So the 
access is blocked in this stage. 
2.
Initiating a session. Either authenticator or supplicant can initiate 
the message exchange. If supplicant initiates the process, it sends 
EAPOL-start packet to the authenticator PAE and authenticator will 
immediately respond EAP-Request/Identity packet. 
3. The
authenticator
always periodically sends EAP-Request/Identity
to the supplicant for requesting the identity it wants to be 
authenticated. 
4. If the authenticator doesn’t send EAP-Request/Identity, the
supplicant will initiate EAPOL-Start the process by sending to the 
authenticator. 
5.
And next, the Supplicant replies an EAP-Response/Identity to the 
authenticator. The authenticator will embed the user ID into Radius-
Access-Request command and send it to the authentication server 
for confirming its identity. 
6.
After receiving the Radius-Access-Request, the authentication 
server sends Radius-Access-Challenge to the supplicant for asking 
for inputting user password via the authenticator PAE. 
7.
The supplicant will convert user password into the credential 
information, perhaps, in MD5 format and replies an EAP-Response 
with this credential information as well as the specified 
authentication algorithm (MD5 or OTP) to Authentication server via 
the authenticator PAE. As per the value of the type field in message 
PDU, the authentication server knows which algorithm should be 
applied to authenticate the credential information, EAP-MD5 
(Message Digest 5) or EAP-OTP (One Time Password) or other 
else algorithm. 
Supplicant A
B
C
Authentication server
Authenticator
Fig. 3-54
