EAPoL (Extensible Authentication Protocol over LAN)



EAPoL stands for Extensible Authentication Protocol over LAN. It is a network authentication protocol used in 802.1x (Port Based Network Access Control). In other words, it is the encapsulation protocol used between the Supplicant and the Authenticator.

As discussed before, both the 802.1x and the EAPoL architecture have three main components:

• Supplicant
• Authenticator
• Authentication Server

The Supplicant is the host device that needs to be authenticated.

The Authenticator is the relay device that connects the Supplicant to the Authentication Server and controls network access.

The Authentication Server is the AAA server (RADIUS server, etc.).


EAPoL Messages

There are five EAPoL messages. Some of them carry EAP, while others are used only for administrative purposes.

The EtherType of EAPoL frames is 0x888E.

So, what are these EAPoL messages? They are:

• EAPoL Start
• EAPoL Key
• EAPoL Packet
• EAPoL Logoff
• EAPoL Encapsulated ASF Alert

EAPoL Start: At the beginning, the Supplicant does not know the MAC address of the Authenticator. So it sends this message to a multicast group to learn whether there is any Authenticator on the LAN.

EAPoL Key: This message is used by the Authenticator to send encrypted keys.
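The message list above maps onto a small frame header, shown here as an added example that is not part of the original lesson: a parser that recognises EtherType 0x888E and names the message type, which is the first step of any switch-side capture review. The Packet Type codes, the 4-byte header layout and the PAE group address 01:80:C2:00:00:03 are taken from IEEE 802.1X rather than from this page; the sample frames are constructed and untagged Ethernet is assumed.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                         # EtherType stated in the lesson
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")   # assumption: IEEE 802.1X PAE group address

# Assumption: Packet Type codes from IEEE 802.1X (the lesson gives only the names).
EAPOL_TYPES = {
    0: "EAPoL Packet",                  # the type that carries an EAP message
    1: "EAPoL Start",
    2: "EAPoL Logoff",
    3: "EAPoL Key",
    4: "EAPoL Encapsulated ASF Alert",
}

def parse_eapol(frame: bytes):
    """Return a dict describing an untagged EAPoL frame, or None if not EAPoL."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    if len(frame) < 18:
        raise ValueError("truncated EAPoL header")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]        # slicing by length drops Ethernet padding
    if len(body) < length:
        raise ValueError("body shorter than declared length")
    return {
        "src": src.hex(":"), "dst": dst.hex(":"), "version": version,
        "type": EAPOL_TYPES.get(ptype, f"unknown ({ptype})"),
        "carries_eap": ptype == 0,
        "to_pae_group": dst == PAE_GROUP_ADDR,
        "body": body,
    }

# Constructed sample frames (not captured traffic).
# Supplicant -> multicast group: EAPoL Start, empty body, padded to 60 bytes.
SAMPLE_START = bytes.fromhex("0180c2000003" "020000000001" "888e" "01" "01" "0000") + bytes(42)
# Authenticator -> Supplicant: EAPoL Packet carrying an EAP Request/Identity.
SAMPLE_EAP = bytes.fromhex("020000000001" "020000000002" "888e" "01" "00" "0005" "0101000501")

if __name__ == "__main__":
    for sample in (SAMPLE_START, SAMPLE_EAP):
        print(parse_eapol(sample))
```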
