Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3634
Views
0
Helpful
1
Replies

EAP over lan (EAPOL)

sarahr202
Level 7
Level 7

‎01-28-2009 10:23 PM - edited ‎03-06-2019 03:44 AM

Hi every body!

I was reading about EAPOL and found the follwing on a link. Is it true that EAPOL is used for wireless as well?

"The key protocol in 802.1x is called EAP over LANs (EAPOL). It is currently defined for Ethernet-like LANs including 802.11 wireless, as well as token ring LANs (including FDDI)"

2)There are different EAPOL frames:

EAPOL-start,EAP-logoff,EAPOL-key, EAPOL_encapsulated -asf-alert.

What function EAPOL-key performs?

thanks a lot!

Here what i find about EAPOL_encapsulated -asf-alert.

"the ASF Alert EAP packet type allows for things like SNMP traps to be sent through a port where the authentication resulted in an Unauthorized state"

Who sends this alert? authenticator or supplicant? If authenticator sends this frame then whom does it send? SNMP management console? how as EAPOL only works between authenticator and supplicant.

thanks a lot!

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 11
Level 11

‎02-03-2009 07:00 AM

The keys used for encryption are derived from the PMK that has been mutually derived during the EAP authentication section. This PMK is sent to the authenticator in the EAP success message, but is not forwarded to the supplicant because the supplicant has derived its own copy of the PMK.

1. The authenticator sends an EAPOL-Key frame containing an authenticator nonce (ANonce), which is a random number generated by the authenticator.

a. The supplicant derives a PTK from the ANonce and supplicant nonce (SNonce), which is a random number generated by the client/supplicant.

2. The supplicant sends an EAPOL-Key frame containing an SNonce, the RSN information element from the (re)association request frame, and an MIC.

a. The authenticator derives a PTK from the ANonce and SNonce and validates the MIC in the EAPOL-Key frame.

3. The authenticator sends an EAPOL-Key frame containing the ANonce, the RSN information element from its beacon or probe response messages; the MIC, determining whether to install the temporal keys; and the encapsulated group temporal key (GTK), the multicast encryption key.

4. The supplicant sends an EAPOL-Key frame to confirm that the temporal keys are installed.

0 Helpful
Customers Also Viewed These Support Documents