1 / 11

EAP State Machines

EAP State Machines. IETF 56 - March 19, 2003 John Vollbrecht jrv@umich.edu Nick Petroni npetroni@cs.umd.edu. EAP State Machine. EAP State Machine page http://www.cs.umd.edu/~npetroni/EAP/ EAP State machine Draft http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.ps

Download Presentation

EAP State Machines

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. EAP State Machines IETF 56 - March 19, 2003 John Vollbrecht jrv@umich.edu Nick Petroni npetroni@cs.umd.edu

  2. EAP State Machine • EAP State Machine page http://www.cs.umd.edu/~npetroni/EAP/ • EAP State machine Draft • http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.ps • http://www.ietf.org/internet-drafts/draft-vollbrecht-eap-state-01.txt

  3. EAP State Machinetopics • State machine “style” • 802.1x coordination • Variables, transitions and states • EAP Mux model • Peer State Machine • Authenticator State Machine • Pass thru • Methods - silent discard vs NAK • Policy functions and decisions

  4. State Machine Style • 802.1x format to allow coordination with 802.1x state machine • Other formats have been tried

  5. EAP MUX Model peer Authenticator EAP method1 EAP method2 EAP method1 EAP method2 EAP Switch EAP Switch link link

  6. Peer State Diagram (07)

  7. Authenticator State Machine (07)

  8. Pass thru Client AP AAA EAP method EAP method1 EAP method1 EAP method passthru EAP Switch EAP Switch EAP Switch EAP Switch link link RADIUS RADIUS

  9. Methods - silent discard vs NAK • Should Requests for new method be accepted in the middle of another method • Talked about yesterday • In Peer machine see STRICT from method • Alternatively see Policy.allow if Strict is not used • Should Success/ Failure be Discarded in the middle of a method • Should Methods be able to do method Integrity Checks • Method State and implementations • Silent discard requires knowing “state” of method

  10. Policy Functions • Policy Functions determine • Policy.allow • What methods are allowed when • Policy.isSatisfied • Is Policy Successful and Complete • Policy.getNextMethod • Get next method

  11. EAP State Machine- next steps • Clean up depending on resolution of issues • Add policy function examples • Resolve issues with 2284 bis • Incorporate into 2284bis? • Add state machines for Pass-thru to 2869bis • Other?

More Related