5.The authentication server uses the identity information in the RADIUS
6.The network access device relays the
7.The client uses the received challenge to encrypt the password, and sends the encrypted password in an
8.The network access device relays the
9.The authentication server compares the received encrypted password with the one it generated at step 5. If the two are identical, the authentication server considers the client valid and sends a RADIUS
10.Upon receiving the RADIUS
11.After the client comes online, the network access device periodically sends handshake requests to check whether the client is still online. By default, if two consecutive handshake attempts fail, the device logs off the client.
12.Upon receiving a handshake request, the client returns a response. If the client fails to return a response after a certain number of consecutive handshake attempts (two by default), the network access device logs off the client. This handshake mechanism enables timely release of the network resources used by 802.1X users that have abnormally gone offline.
13.The client can also send an
14.In response to the
EAP termination
Figure 307 shows the basic 802.1X authentication procedure in EAP termination mode, assuming that CHAP authentication is used.
327