Scenario 1--Healthy Supplicant
- The 802.1X supplicant initiates a connection to the 802.1X network access server (NAS), which in this scenario is the Extreme Networks switch.
- The supplicant passes its authentication credentials to the switch using PEAP and an inner authentication method such as MS-CHAPv2.
The RADIUS server requests a
statement of health (SoH) from the supplicant.
Only NAP-capable supplicants create an SoH, which contains information about whether or not the supplicant is compliant with the system health requirements defined by the network administrator.
- If the SoH indicates that the supplicant is healthy, the RADIUS server sends an Access-Accept message with a RADIUS VSA indicating which VLAN the healthy supplicant is moved to (in this example, the Production VLAN).
- The switch authenticates the supplicant and moves it into the Production VLAN.
- The switch sends a trap to the NMS indicating that the supplicant has been successfully authenticated and the VLAN into which it has been moved.