The authentication process at this stage is completed and the port state changes to Authorized. The Authenticator decapsulates and forwards the EAP-Success message to the Supplicant. It responds back with an Access-Accept packet. The RADIUS Server decapsulates the packet and obtains the EAP-Message attribute. The Authenticator encapsulates it with an Access-Request packet containing EAP-Message attributes and passes onto the RADIUS Server. The Supplicant responds back with an EAP-Response/Auth message to the Authenticator. The Authenticator receives the Access-Challenge message, decapsulates the packet and passes onto the Supplicant as an EAP-Request/Auth message. If the RADIUS server does not support EAP, it sends an Access-Reject message. On receiving an Access-Request message, the RADIUS server responds with an Access-Challenge message containing EAP-Message attribute. The Authenticator acts as a pass-through and encapsulates the EAP-Response within an EAP-message attribute sent to the Authentication Server (RADIUS Server) within a RADIUS Access-Request message. The Supplicant supplies the EAP-Response/Identity message indicating to the Authenticator that it should proceed with authentication. Once EAP is negotiated, the Authenticator sends an EAP-Request/Identity message to the Supplicant. The Supplicant and the Authenticator begin the conversation by negotiating the use of EAP. If the Authenticator port connected to the Supplicant is not configured with dot1x port-control auto command, the Authenticator will not allow any EAPOL frames to pass through it and the port will remain in Unauthorized state.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |