802.1X Authentication Overview
802.1X is a port-based authentication mechanism used for secure network access control. It involves:
EAPoL (Extensible Authentication Protocol over LAN) communication between the client (supplicant) and the switch (authenticator).
RADIUS communication between the authenticator and the authentication server (AAA server).
✅ A. 802.1X authentication uses EAPoL to exchange authentication information.
EAPoL (Extensible Authentication Protocol over LAN) is used to send authentication packets over Ethernet (IEEE 802.3) networks.
✅ B. In EAP termination mode, the network device terminates EAP packets and re-encapsulates them into RADIUS.
The switch acts as an authentication proxy by terminating EAP sessions and converting authentication information into RADIUS format.
✅ C. EAPoL is for wired (802.3), EAPoW is for wireless (802.11).
EAPoL (EAP over LAN) is used in wired Ethernet networks.
EAPoW (EAP over Wireless) is used in Wi-Fi (802.11) networks.
✅ D. In EAP relay mode, EAP packets are encapsulated into RADIUS using EAPoR (EAP over RADIUS).
The switch does not terminate the EAP session but instead forwards EAP messages to the AAA server inside RADIUS packets.
Reference from Huawei HCIE-Datacom Documentation:
Huawei 802.1X Configuration Guide – EAPoL, EAPoW, and EAPoR
HCIE-Datacom Training Material – AAA Authentication Modes
Submit