Client clause checks the value of any Message-Authenticator attribute in incoming EAP or other requests. An incorrect authenticator causes the request to be ignored.

The optional RequireMessageAuthenticator flag causes the clause to require a correct Message-Authenticator attribute to be present in all incoming requests that support Message-Authenticator attribute. Most of the request types support Message-Authenticator. Accounting requests and responses do not support Message-Authenticator.