The steps to authenticate a healthy supplicant are:
The 802.1X supplicant initiates a connection
to the 802.1X network access server (NAS), which in this scenario
is the Extreme Networks switch.
The supplicant passes its authentication credentials
to the switch using PEAP and an inner authentication method such
as MS-CHAPv2.
The RADIUS server requests a
statement of health (SoH) from the supplicant.
Only NAP-capable supplicants create an SoH, which contains
information about whether or not the supplicant is compliant with the system health
requirements defined by the network administrator.
If the SoH indicates that the supplicant is healthy, the
RADIUS server sends an Access-Accept message with a RADIUS VSA indicating which
VLAN the healthy supplicant is moved to (in this example,
the Production VLAN).
The switch authenticates the supplicant and moves it
into the Production VLAN.
The switch sends a trap to the NMS indicating that the
supplicant has been successfully authenticated and the VLAN into which it has been
moved.
