Upload
baruch
View
18
Download
0
Embed Size (px)
DESCRIPTION
EAP /EAP-Method interface. EAP Method. EAP Method. Method-state. Method-state. Startmethod rx.Rsp Rx.NAK. rdy.Req rdy.noReq. rxMethodReq. rdy.Rsp rdy.noRsp. EAP Layer. EAP Layer. 802.1x. 802.1x. CHALLENGE bldReq Methodstate= CON rdy.Req=TRUE. PassThru Method. startMethod. - PowerPoint PPT Presentation
Citation preview
EAP /EAP-Method interface
802.1x 802.1x
EAP Layer EAP Layer
EAP Method
EAP Method
rxMethodReq rdy.Rsp rdy.noRsp
Method-state
Startmethod rx.RspRx.NAK
Method-state
rdy.Req rdy.noReq
PassThru MethodstartMethod
Initialize Method
eapmsg=null
RADIUS- Request
bldRADReq(eapmsg) send RADIUS Request radWhile=<timeout>
TIMEOUT
increment timeout
ACCEPT
bldReq methodState=SUC rdyReq=TRUE
REJECT
bldReq MethodState=Fail rdyReq=TRUE
UCT
radWhile=0
UCT
CHALLENGE
bldReq Methodstate= CON rdy.Req=TRUE
rcvRad.rejectrxResp!!rxNAK
rcvRad.challeenge
rcvRad.accept
Done
UCT UCT
passthru method questions
• A number of special cases seem to appear– current eap assumes method does not deal with NAK - but need to for
forwarding to RADIUS
– current eap assumes method does not send Success/Fail - but need to with passthru
• Integrity Check interface could be added if local integrity checking is done
– e.g. in RADIUS-Request include an integrityCheck function and a ICFail state that to transition to if the check fails
• My Conclusion -- pass thru method is not quite right, probably need a passthru “gateway” which translates between requirements for eap transport.