802.1X is a port-based network access control (NAC) protocol widely used for securing wired and wireless networks. It relies on the Extensible Authentication Protocol (EAP) to facilitate authentication between a supplicant (client) and an authentication server (typically a RADIUS server). The HCSP-Presales-Campus Network Planning and Design V1.0 documentation highlights two primary EAP-based authentication modes in 802.1X deployments: EAP termination and EAP relay.
EAP Termination: In this mode, the authenticator (e.g., a switch or access point) terminates the EAP session and communicates with the authentication server using a protocol like RADIUS. The authenticator extracts the EAP information and forwards credentials to the server in a non-EAP format. This mode is commonly used when the authenticator handles part of the authentication process locally.
EAP Relay: In this mode, the authenticator relays the entire EAP conversation between the supplicant and the authentication server without processing it. The EAP messages are encapsulated (e.g., in RADIUS packets) and sent directly to the server, which performs the full authentication. This mode is preferred for centralized authentication management.
[Reference: HCSP-Presales-Campus Network Planning and Design V1.0, Section on Network Access Control (NAC) and 802.1X Authentication., , ]
Submit