[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC 3579
Bernard Aboba wrote:
> There is no such thing as an EAP-Start packet defined outside of
> RADIUS. Perhaps you are thinking of EAPoL-Start? However, EAPoL-Start
> as defined in IEEE 802.1X-2004 does not contain any data, nor does it
> contain an EAP packet. An EAP authenticator can respond to an
> EAPoL-Start by sending an EAP-Request/Identity to the peer; there is no
> reason to send a RADIUS Access-Request/EAP-Message packet to the RADIUS
> server unless there is a desire to bypass the Identity exchange.
IIRC, I have seen packet traces where the EAP-Message attribute
contains only 4 octets. The server then responds with an
Access-Challenge/EAP-Identity request, and authentication continues.
But that behavior is rare.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
- References:
- Re: RFC 3579
- From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- RE: RFC 3579
- From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- RE: RFC 3579
- From: "Bernard Aboba" <bernard_aboba@hotmail.com>