The hardcopy devices carol and dave set up a connection each to the policy enforcement point moon. At the outset the gateway authenticates itself to the devices by sending an IKEv2 RSA signature accompanied by a certificate. carol and dave then set up an EAP-TTLS tunnel each via gateway moon to the policy decision point alice authenticated by an X.509 AAA certificate. In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of carol and dave via the IF-TNCCS 2.0 client-server interface defined by RFC 5793 PB-TNC. The communication between IMCs and IMVs is based on the IF-M protocol defined by RFC 5792 PA-TNC.
The HCD IMC on the hardcopy devices carol and dave sends printer attributes to the HCD IMV located on the RADIUS server alice. Because some mandatory HCD attributes are missing, the hardcopy devices carol and dave are blocked from accessing the network behind gateway moon.