The roadwarriors carol and dave set up a connection each to gateway moon using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication.
In a next step the RFC 7171 PT-EAP transport protocol is used within the EAP-TTLS tunnel to determine the health of carol and dave via the IF-TNCCS 2.0 client-server interface compliant with RFC 5793 PB-TNC. The IMCs and IMVs exchange messages over the IF-M protocol defined by RFC 5792 PA-TNC.The first time the TNC clients carol and dave send their measurements, TNC server moon requests a handshake retry. In the retry carol succeeds and dave fails. Thus based on this second round of measurements the clients are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, respectively.