System information

SIGNAMAX a.s.

Seat: Palackeho trida 38, 612 00 Brno, CZ l Office: Vlarska 22, P. O. Box 214, 658 14 Brno, CZ

T:+420 533 338 854 l F:+420 533 338 883 l www.signamax.eu

The Fig. 3-55 shows the procedure of 802.1X authentication. There are steps for the

EAPOL and the left side is EAP.

1. At the initial stage, the supplicant A is unauthenticated and a port on switch

acting as an authenticator is in unauthorized state. So the access is blocked

in this stage.

2. Initiating a session. Either authenticator or supplicant can initiate the

message exchange. If supplicant initiates the process, it sends EAPOL-start

packet to the authenticator PAE and authenticator will immediately respond

EAP-Request/Identity packet.

3. The authenticator always periodically sends EAP-Request/Identity to the

supplicant for requesting the identity it wants to be authenticated.

4. If the authenticator doesn’t send EAP-Request/Identity, the supplicant will

initiate EAPOL-Start the process by sending to the authenticator.

5. And next, the Supplicant replies an EAP-Response/Identity to the

authenticator. The authenticator will embed the user ID into Radius-Access-

Request command and send it to the authentication server for confirming its

identity.

6. After receiving the Radius-Access-Request, the authentication server sends

Radius-Access-Challenge to the supplicant for asking for inputting user

password via the authenticator PAE.

7. The supplicant will convert user password into the credential information,

perhaps, in MD5 format and replies an EAP-Response with this credential

information as well as the specified authentication algorithm (MD5 or OTP) to

Authentication server via the authenticator PAE. As per the value of the type

field in message PDU, the authentication server knows which algorithm

should be applied to authenticate the credential information, EAP-MD5

(Message Digest 5) or EAP-OTP (One Time Password) or other else

algorithm.

Supplicant A

Authentication server

Authenticator

Fig. 3-54