
Timers used in 802.1x – H3C Technologies H3C S3100 Series Switches User Manual


Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration


[Figure: message sequence among the supplicant system, the switch, and the RADIUS server. EAPOL runs between the supplicant system and the switch; RADIUS runs between the switch and the RADIUS server. Labels in the figure: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request/MD5 Challenge; EAP-Response/MD5 Challenge; RADIUS Access-Request (CHAP-Response/MD5 Challenge); RADIUS Access-Accept (CHAP-Success); EAP-Success; Port accepted; Handshake timer time out; Handshake request packet [EAP-Request/Identity]; Handshake reply packet [EAP-Response/Identity]; ......; EAPOL-Logoff; Port rejected.]

Figure 1-9 802.1x authentication procedure (in EAP terminating mode)

The authentication procedure in EAP terminating mode is the same as that in the EAP
relay mode except that the randomly-generated key in the EAP terminating mode is
generated by the switch, and that it is the switch that sends the user name, the
randomly-generated key, and the supplicant system-encrypted password to the
RADIUS server for further authentication.

1.1.5 Timers Used in 802.1x

In 802.1x authentication, the following timers are used to ensure that the supplicant
system, the switch, and the RADIUS server interact in an orderly way.

• Transmission timer (tx-period). This timer sets the tx-period and is triggered by
the switch in two cases. The first case is when the client requests
authentication. The switch sends a unicast request/identity packet to a supplicant
system and then triggers the transmission timer. The switch sends another