beautypg.com

The format of an eap packet, Newly added fields for eap authentication – H3C Technologies H3C S3100 Series Switches User Manual

Page 369

background image

1-4

z

The Packet body field differs with the Type field.

Note that EAPoL-Start, EAPoL-Logoff, and EAPoL-Key packets are only transmitted between the

supplicant system and the authenticator system. EAP-packets are encapsulated by RADIUS protocol to

allow them successfully reach the authentication servers. Network management-related information

(such as alarming information) is encapsulated in EAPoL-Encapsulated-ASF-Alert packets, which are

terminated by authenticator systems.

The format of an EAP packet

For an EAPoL packet with the value of the Type field being EAP-packet, its Packet body field is an EAP

packet, whose format is illustrated in

Figure 1-4

.

Figure 1-4 The format of an EAP packet

0

15

Code

Data

Length

7

Identifier

2

4

N

In an EAP packet:

z

The Code field indicates the EAP packet type, which can be Request, Response, Success, or

Failure.

z

The Identifier field is used to match a Response packet with the corresponding Request packet.

z

The Length field indicates the size of an EAP packet, which includes the Code, Identifier, Length,

and Data fields.

z

The Data field carries the EAP packet, whose format differs with the Code field.

A Success or Failure packet does not contain the Data field, so the Length field of it is 4.

Figure 1-5

shows the format of the Data field of a Request packet or a Response packet.

Figure 1-5 The format of the Data field of a Request packet or a Response packet

z

The Type field indicates the EAP authentication type. A value of 1 indicates Identity and that the

packet is used to query the identity of the peer. A value of 4 represents MD5-Challenge (similar to

PPP CHAP) and indicates that the packet includes query information.

z

The Type Date field differs with types of Request and Response packets.

Newly added fields for EAP authentication

Two fields, EAP-message and Message-authenticator, are added to a RADIUS protocol packet for EAP

authentication. (Refer to the Introduction to RADIUS protocol section in the AAA Operation Manual for

information about the format of a RADIUS protocol packet.)

The EAP-message field, whose format is shown in

Figure 1-6

, is used to encapsulate EAP packets. The

maximum size of the string field is 253 bytes. EAP packets with their size larger than 253 bytes are

See also other documents in the category H3C Technologies Routers: