How 802.1x Works

Extensible Authentication Protocol (EAP) is the transport mechanism used in 802.1x to authenticate supplicants against a back-end data store, typically a RADIUS server. EAP was initially defined in RFC 2284 as a general authentication framework running over Layer 2 PPP. In RFC 3748, the EAP definition has been updated to include IEEE 802 as a link layer. The IEEE 802 encapsulation of EAP does not involve PPP, and IEEE 802.1X does not include support for link or network layer negotiations. As a result, within IEEE 802.1X, it is not possible to negotiate non-EAP authentication mechanisms, such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). EAP does not select a specific authentication mechanism during the link layer phase but rather postpones it until the authentication phase. Figure 17-2 depicts the EAP frame format.
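The packet layout and the late method selection described above can be seen in a small parser. This is an added example, not part of the original page; it follows the field layout in RFC 3748, and the sample packets, the identity `alice@example.org` and the helper `build_eap` are constructed for illustration.

```python
import struct

# Codes and a few method types from RFC 3748 and the IANA EAP registry.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(packet: bytes) -> dict:
    """Parse Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    # Length includes the header; bytes past it are link-layer padding.
    if length < 4 or length > len(packet):
        raise ValueError(f"Length {length} does not fit {len(packet)} bytes")
    out = {"code": CODES[code], "id": ident, "length": length}
    if code in (1, 2):  # only Request/Response carry a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type, data = packet[4], packet[5:length]
        out["type"] = TYPES.get(eap_type, f"type-{eap_type}")
        out["data"] = data
        if eap_type == 3 and code == 2:
            # A Nak response lists the methods the peer would accept instead.
            out["wants"] = [TYPES.get(t, f"type-{t}") for t in data]
    elif length != 4:
        raise ValueError("Success/Failure must be exactly 4 bytes")
    return out

def build_eap(code, ident, eap_type=None, data=b""):
    """Helper (hypothetical) that builds the constructed samples below."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed, abbreviated exchange: identity first, method settled afterwards.
SAMPLE_EXCHANGE = [
    build_eap(1, 1, 1),                        # Request/Identity
    build_eap(2, 1, 1, b"alice@example.org"),  # Response/Identity
    build_eap(1, 2, 4, b"\x10" + bytes(16)),   # Request/MD5-Challenge
    build_eap(2, 2, 3, bytes([25])),           # Response/Nak asking for PEAP
    build_eap(1, 3, 25, b"\x20"),              # Request/PEAP
    build_eap(3, 3),                           # Success
]

if __name__ == "__main__":
    for pkt in SAMPLE_EXCHANGE:
        print(parse_eap(pkt))
```

The Type byte first names an authentication method in the third packet, after the identity exchange, and the Nak in the fourth shows the peer steering the server to a different EAP method rather than to PAP or CHAP.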
