a.Authorized/unauthorized state of a controlled port
In the unauthorized state, a controlled port controls traffic in one of the following ways:
∙Performs bidirectional traffic control to deny traffic to and from the client.
∙Performs unidirectional traffic control to deny traffic from the client.
NOTE:
The HP devices support only unidirectional traffic control.
802.1X uses the Extensible Authentication Protocol (EAP) to transport authentication information for the client, the network access device, and the authentication server. EAP is an authentication framework that uses the client/server model. It supports a variety of authentication methods, including
802.1X defines EAP over LAN (EAPOL) for passing EAP packets between the client and the network access device over a wired or wireless LAN. Between the network access device and the authentication server,
802.1X delivers authentication information in one of the following methods:
∙Encapsulates EAP packets in RADIUS by using EAP over RADIUS (EAPOR), as described in “EAP relay”.
∙Extracts authentication information from the EAP packets and encapsulates the information in standard RADIUS packets, as described in “EAP termination”.
NOTE:
If an 802.1X client uses EAP, the configuration on username format on the device does not take effect. For more information about username format configuration, see the chapter "RADIUS configuration".
Packet formats
EAP packet format
a shows the EAP packet format.
321