Reference Guide
108 | 802.1X
www.dell.com | support.dell.com
Figure 9-1 shows how EAP frames are encapsulated in Ethernet and Radius frames.
Figure 9-1. EAPOL Frame Format
The authentication process involves three devices:
• The device attempting to access the network is the supplicant. The supplicant is not allowed to
communicate on the network until the port is authorized by the authenticator. It can only communicate
with the authenticator in response to 802.1X requests.
• The device with which the supplicant communicates is the authenticator. The authenicator is the gate
keeper of the network. It translates and forwards requests and responses between the authentication
server and the supplicant. The authenticator also changes the status of the port based on the results of
the authentication process. The Dell Force10 switch is the authenticator.
*
Note: FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and
MS-CHAPv2 with PEAP.
End-user Device
Dell Force10 switch
RADIUS Serv
er
EAP over LAN (EAPOL)
EAP over RADIUS
fnC0033mp
Preamble
Start Frame
Delimiter
Destination MAC
(1:80:c2:00:00:03)
Source MAC
(Auth Port MAC)
Ethernet Type
(0x888e)
Protocol Version
(1)
Packet Type
EAPOL Frame
Length
Code
(0-4)
ID
(Seq Number)
EAP-Method Frame
Length
EAP-Method
Code
(0-255)
Length
EAP-Method Data
(Supplicant Requested Credentials)
Range: 0-4
Type: 0: EAP Packet
1: EAPOL Start
2: EAPOL Logoff
3: EAPOL Key
4: EAPOL Encapsulated-ASF-Alert
Range: 0-4
Type: 0: EAP Packet
1: EAPOL Start
2: EAPOL Logoff
3: EAPOL Key
4: EAPOL Encapsulated-ASF-Alert
EAP Frame
Padding
FCS
Range: 1-4
Codes: 1: Request
2: Response
3: Success
4: Failure
Range: 1-255
Codes: 1: Identity
2: Notification
3: NAK
4: MD-5 Challenge
5: One-Time Challenge
6: Generic Token Card