
Features Working Together with 802.1X, VLAN Assignment – H3C Technologies H3C S7500E Series Switches User Manual


Figure 5-8 Message exchange in EAP termination mode

[Figure: sequence diagram between Client, Device and Server. Client and Device exchange EAPOL messages; Device and Server exchange RADIUS messages.]

(1) EAPOL-Start
(2) EAP-Request/Identity
(3) EAP-Response/Identity
(4) EAP-Request/MD5 challenge
(5) EAP-Response/MD5 challenge
(6) RADIUS Access-Request (CHAP-Response/MD5 challenge)
(7) RADIUS Access-Accept (CHAP-Success)
(8) EAP-Success (port authorized)
(9) Handshake request (EAP-Request/Identity), driven by the handshake timer
(10) Handshake response (EAP-Response/Identity)
......
(11) EAPOL-Logoff (port unauthorized)

Unlike EAP relay mode, in EAP termination mode it is the device that generates the random challenge used to encrypt the user password information (step (4) in the figure above). Consequently, the device sends the challenge, together with the username and the encrypted password information received from the client, to the RADIUS server for authentication.
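Steps (4) to (7) of the exchange above, as an added Python example (not code from the H3C manual or device software). The function names, the `USER_DB` store and the credentials are constructed for illustration; the hash input follows CHAP (RFC 1994) and the attribute layout follows the RADIUS CHAP-Password and CHAP-Challenge attributes (RFC 2865).

```python
import hashlib
import hmac
import secrets

# Constructed credential store standing in for the RADIUS server's user database.
USER_DB = {"alice": b"constructed-password"}


def device_new_challenge() -> bytes:
    """Step (4): the device, not the server, generates the random challenge."""
    return secrets.token_bytes(16)


def client_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Step (5): MD5(identifier || password || challenge), as in CHAP (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def device_access_request(username: str, identifier: int,
                          challenge: bytes, response: bytes) -> dict:
    """Step (6): the device repackages the EAP exchange as RADIUS CHAP attributes."""
    return {
        "User-Name": username,
        # RFC 2865 CHAP-Password: 1-octet CHAP identifier + 16-octet response.
        "CHAP-Password": bytes([identifier]) + response,
        # The challenge travels with the request because the server never saw it.
        "CHAP-Challenge": challenge,
    }


def server_verify(attrs: dict, user_db: dict = USER_DB) -> bool:
    """Step (7): recompute the hash from the stored password and compare."""
    password = user_db.get(attrs["User-Name"])
    chap = attrs["CHAP-Password"]
    if password is None or len(chap) != 17:
        return False
    expected = client_md5_response(chap[0], password, attrs["CHAP-Challenge"])
    return hmac.compare_digest(expected, chap[1:])


if __name__ == "__main__":
    challenge = device_new_challenge()
    resp = client_md5_response(1, USER_DB["alice"], challenge)
    print(server_verify(device_access_request("alice", 1, challenge, resp)))
```

Because the server recomputes the hash from the stored password, it needs that password in a recoverable form, and it relies on the device for the freshness of the challenge.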

Features Working Together with 802.1X

These features are:

- VLAN assignment
- Guest VLAN
- ACL assignment

VLAN assignment

After an 802.1X user passes authentication, the server sends an authorization message to the device. If the server is configured with the VLAN assignment function, the message includes the assigned VLAN information. Depending on the link type of the port the user logs on through, the device adds the port to the assigned VLAN according to the following rules: