Iii. newly added fields for eap authentication – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration

1-5

Code

Identifier

Length

Data

N

t

0

1

2

4

Figure 1-4

The format of an EAP packe

In an EAP packet:

z

The Code field indicates the EAP packet type, which can be Request, Response,
Success, or Failure.

z

The Identifier field is used to match a Response packets with the corresponding
Request packet.

z

The Length field indicates the size of an EAP packet, which includes the Code,
Identifier, Length, and Data fields.

z

The Data field differs with the Code field.

A Success or Failure packet does not contain the Data field, so the Length field of it is 4.
Figure 1-5 shows the format of the Data field of a Request packet or a Response
packet.

Type

Type Data

t

Figure 1-5

The format of the Data field of a Request packet or a Response packe

z

The Type field indicates the EAP authentication type. A value of 1 indicates
Identity and that the packet is used to query the identity of the peer. A value of 4
represents MD5-Challenge (similar to PPP CHAP) and indicates that the packet
includes query information.

z

The Type Date field differs with types of Request and Response packets.

III. Newly added fields for EAP authentication

Two fields, EAP-message and Message-authenticator, are added to a RADIUS
protocol packet for EAP authentication. (Refer to the Introduction to RADIUS protocol
section in the AAA,RADIUS,HWTACACS and EAD Operation part for information about
the format of a RADIUS protocol packet.)
The EAP-message field, whose format is shown in Figure 1-6, is used to encapsulate
EAP packets. The maximum size of the string field is 253 bytes. EAP packets with their
size larger than 253 bytes are fragmented and are encapsulated in multiple
EAP-message fields. The type code of the EAP-message field is 79.