EAPoL (Extensible Authentication Protocol over LAN)

802.1x-Components

EAPoL is the abbreviation of Extensible Authentication Protocol over LAN. EAPoL (Extensible Authentication Protocol over LAN) is a network authentication protocol used in 802.1x (Port Based Natwork Access Control). In other words, it is the encapsulation protocol used between Supplicant and Authenticator.

 

As we have talked about before, in 802.1x and also in EAPoL architecture, there are three main components. These are :

  • Supplicant
  • Authenticator
  • Authentication Server

 

Supplicant is the host device that need to be authenticated.

Authenticator is the relay device that connects Supplicant to the Authentication Server and controls the network access.

And the Authentication Server is the AAA Server (Radius Server etc.).

 

802.1x-Components

 


Table of Contents

EAPoL Messages

 

There are five messages of EAPoL (Extensible Authentication Protocol over LAN). Some of these EAPoL messages carries EAP, but some of them are used only for administrative facilities.

 

By the way, the Ether Type of EAPoL frames are 0x888E.

 

So, what are these EAPoL Messages? These EAPoL messages are :

  • EAPoL Start
  • EAPoL Key
  • EAPoL Packet
  • EAPoL Logoff
  • EAPoL Encapsulated ASF Alert

 


 

EAPoL Start : At the beginning Supplicant do not know the MAC address of Authenticator. So, it sends this message to a multicast group to learn that if are there any Authenticator in the LAN.

 

EAPoL Key : This message is used by Authenticator to send encrypted keys.

 

EAPoL Packet : The message that is sent for Normal EAP frames.

 

EAPoL Logoff : The message that shows that the Supplicant wants to terminate the connection.

 

EAPoL Encapsulated ASF Alert : It is sent for allerts about unauthorized ports.

 


 

The EAPoL Packet encapsulated by Ethernet Frame is showed below. As you can see, Extensible Authentication Protocol over LAN packet consist of four parts: Protocol Version, Packet Type, Packet Body Length and Packet Body. Here the Packet Type field shows the message types.

 

  • Start (0)
  • Key (1)
  • Packet (2)
  • Logoff (3)
  • Encapsulated ASF Alert (4)

 

EAPoL-packet, EAPoL (Extensible Authentication Protocol over LAN)

 

Lesson tags: EAPoL
Back to: CCIE Enterprise Infrastructure > Network Security

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact

  • info@ipcisco.com
IPCisco is the Winner! “Best Certification Study Journey of 2019!”

Cisco-ITBlogAwards-2019-Winner-IPCisco-k

CCIE Enterprise Infrastructure