EAP over LAN (EAPOL)

Unanswered Question
Jan 28th, 2009

Hi everybody!

I was reading about EAPOL and found the following on a link. Is it true that EAPOL is used for wireless as well?

"The key protocol in 802.1x is called EAP over LANs (EAPOL). It is currently defined for Ethernet-like LANs including 802.11 wireless, as well as token ring LANs (including FDDI)"

2) There are different EAPOL frames:

EAPOL-start, EAP-logoff, EAPOL-key, EAPOL_encapsulated-asf-alert.

What function does EAPOL-key perform?

Thanks a lot!

Here is what I find about EAPOL_encapsulated-asf-alert.

"the ASF Alert EAP packet type allows for things like SNMP traps to be sent through a port where the authentication resulted in an Unauthorized state"

Who sends this alert? The authenticator or the supplicant? If the authenticator sends this frame, then to whom does it send it? The SNMP management console? How, as EAPOL only works between authenticator and supplicant?

Thanks a lot!

smalkeric Tue, 02/03/2009 - 07:00

The keys used for encryption are derived from the PMK that has been mutually derived during the EAP authentication section. This PMK is sent to the authenticator in the EAP success message, but is not forwarded to the supplicant because the supplicant has derived its own copy of the PMK.

1. The authenticator sends an EAPOL-Key frame containing an authenticator nonce (ANonce), which is a random number generated by the authenticator.

a. The supplicant derives a PTK from the ANonce and supplicant nonce (SNonce), which is a random number generated by the client/supplicant.

2. The supplicant sends an EAPOL-Key frame containing an SNonce, the RSN information element from the (re)association request frame, and an MIC.

a. The authenticator derives a PTK from the ANonce and SNonce and validates the MIC in the EAPOL-Key frame.

3. The authenticator sends an EAPOL-Key frame containing the ANonce, the RSN information element from its beacon or probe response messages; the MIC, determining whether to install the temporal keys; and the encapsulated group temporal key (GTK), the multicast encryption key.

4. The supplicant sends an EAPOL-Key frame to confirm that the temporal keys are installed.

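The PTK derivation and MIC check from steps 1a, 2 and 2a of the reply above, as an added example that is not part of the original thread. It uses the IEEE 802.11 HMAC-SHA1 PRF and the version 2 key descriptor MIC; the MAC addresses, the PMK values and the simplified message 2 body are constructed for illustration and are not a full EAPOL-Key frame.

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 iterated with a one-byte counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """48-byte PTK for CCMP, laid out as KCK (16) | KEK (16) | TK (16).

    Addresses and nonces are sorted, so both sides compute the same value.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, frame_mic_zeroed: bytes) -> bytes:
    """Version 2 descriptor MIC: HMAC-SHA1 under the KCK, truncated to 16 bytes."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]


def run_handshake(auth_pmk: bytes, supp_pmk: bytes) -> bool:
    """Simulate messages 1 and 2; True if the authenticator accepts the MIC."""
    aa = bytes.fromhex("020000000001")   # constructed authenticator MAC
    spa = bytes.fromhex("020000000002")  # constructed supplicant MAC
    anonce = os.urandom(32)              # message 1 carries the ANonce
    snonce = os.urandom(32)              # generated by the supplicant

    # Step 1a: supplicant derives its PTK and MICs message 2 with the KCK.
    supp_ptk = derive_ptk(supp_pmk, aa, spa, anonce, snonce)
    msg2 = b"msg2|" + snonce + b"|RSN-IE-placeholder"  # simplified frame body
    mic = eapol_mic(supp_ptk[:16], msg2)

    # Step 2a: authenticator derives its own PTK and validates the MIC.
    auth_ptk = derive_ptk(auth_pmk, aa, spa, anonce, snonce)
    return hmac.compare_digest(mic, eapol_mic(auth_ptk[:16], msg2))
```

The MIC validates only when both sides hold the same PMK, which is how the authenticator confirms the supplicant's key without the PMK ever crossing the link.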