15 lines
947 B
Plaintext
15 lines
947 B
Plaintext
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
|
|
using EAP-TTLS authentication only with the gateway presenting a server certificate and
|
|
the clients doing EAP-MD5 password-based authentication.
|
|
<p/>
|
|
In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS
|
|
tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b>
|
|
client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The IMCs and IMVs exchange
|
|
messages over the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
|
|
<p>
|
|
The first time the TNC clients <b>carol</b> and <b>dave</b> send their measurements,
|
|
TNC server <b>moon</b> requests a handshake retry. In the retry <b>carol</b> succeeds
|
|
and <b>dave</b> fails. Thus based on this second round of measurements the clients are connected
|
|
by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
|
|
</p>
|