The roadwarriors carol and dave set up a connection each to gateway moon using EAP-TTLS authentication only with the gateway presenting a server certificate and the clients doing EAP-MD5 password-based authentication.
In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the health of TNC client carol via the TNCCS 1.1 client-server interface and of TNC client dave via the TNCCS 2.0 client-server interface. TNC server moon dynamically detects which version of the IF-TNCCS protocol is used.carol passes the health test and dave fails. Based on these measurements the clients are connected by gateway moon to the "rw-allow" and "rw-isolate" subnets, respectively.