Scenario 1--Healthy Supplicant
The steps to authenticate a healthy supplicant are:
-
The 802.1X supplicant initiates a connection
to the 802.1X network access server (NAS), which in this scenario
is the Extreme Networks switch.
-
The supplicant passes its authentication credentials
to the switch using PEAP and an inner authentication method such
as MS-CHAPv2.
-
The RADIUS server requests a statement of health (SoH)
from the supplicant.
Only NAP-capable supplicants create an SoH, which contains
information about whether or not the supplicant is compliant with
the system health requirements defined by the network administrator.
-
If the SoH indicates that the supplicant is healthy,
the RADIUS server sends an Access-Accept message with a RADIUS VSA
indicating which VLAN the healthy supplicant is moved to (in this
example, the Production VLAN).
-
The switch authenticates the supplicant and moves it
into the Production VLAN.
-
The switch sends a trap to the NMS indicating that the
supplicant has been successfully authenticated and the VLAN into which it has been
moved.