[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 3579



Bernard Aboba wrote:
> There is no such thing as an EAP-Start packet defined outside of
> RADIUS.  Perhaps you are thinking of EAPoL-Start?  However, EAPoL-Start
> as defined in IEEE 802.1X-2004 does not contain any data, nor does it
> contain an EAP packet.   An EAP authenticator can respond to an
> EAPoL-Start by sending an EAP-Request/Identity to the peer;  there is no
> reason to send a RADIUS Access-Request/EAP-Message packet to the RADIUS
> server unless there is a desire to bypass the Identity exchange.

  IIRC, I have seen packet traces where the EAP-Message attribute
contains only 4 octets.  The server then responds with an
Access-Challenge/EAP-Identity request, and authentication continues.

  But that behavior is rare.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>