EAP termination
Figure 29 shows the basic 802.1X authentication procedure in EAP termination mode, assuming that CHAP authentication is used.
Figure 29: 802.1X authentication procedure in EAP termination mode
In EAP termination mode, the access device rather than the authentication server generates an MD5 challenge for password encryption. The access device then sends the MD5 challenge together with the username and encrypted password in a standard RADIUS packet to the RADIUS server.