2.3.5 EAP Enforcement

The NAP EAP enforcement client extends the 802.1x supplicant, allows responding to an SoH Request TLV message with an SoH TLV message, as specified in section 2.3, and sends the response using an 802.1x supplicant for 802.1x-authenticated connections, as described in [MS-NAPOD].<6>

While attempting to access a LAN or WLAN using an 802.1x connection, the 802.1x supplicant obtains an SoH as specified in section 2.3 and sends it in PEAP-Type-Length-Value (TLV) extension, as specified in [MS-PEAP] section 2.2.8. The 802.1x server can send the SoH to a policy server (for example NPS) for evaluation. Based on the policy server response, the 802.1x server can enable the client to connect to other computers on the network or can restrict the traffic of the NAP client by specifying a restricted network that limits access to specific resources on the network, as described in [MS-NAPOD]. Alternatively, the 802.1x server can reject supplicant access.