AT-OMNI-121 / AT-OMNI-122
64
802.1X Authentication
802.1X is a server-based port authentication which restricts unauthorized (rogue) clients from connecting to a Local
Area Network through a public port. In its simplest form, 802.1X usually involves three parties: supplicant (client
device), authenticator (Ethernet switch or WAP), and an authentication server. Before the device is permitted on
the network, port communication is restricted to Extensible Authentication Protocol over LAN (EAPOL) traffic. If the
device passes the authentication process, the authentication server notifies the switch, allowing the client to access
the LAN. The illustration below shows the basic architecture.
Three options are available on both the OmniStream encoder and decoder.
Ethernet
(EAPOL)
EAP*
EAP
Ethernet
(RADIUS)
Ethernet
(Normal tr
affic)
Supplicant
(Encoder or Decoder)
Authenticator
(Switch)
* Extensible Authentication Protocol
Authentication
Server
LAN
HD
MI
PW
R
LIN
K
TM
OM
NIS
TREAM
VOLUME
DISPLA
Y
INPUT
ID
1
2
1
2
Protocol
Description
none
802.1X protocol disabled
PEAP/MSCHAPv2
Protected EAP; requires basic credentials in addition to a CA (certificate authority)
certificate.
EAP-TLS
EAP Transport Layer Security; requires a client certificate, client private key, and CA
(certificate authority) certificate.
WARNING:
Connecting an 802.1X-enabled decoder to a network without an active or operational
authentication server, will result in a decoder that does not function until the expected message
is returned from a RADIUS server. If it is unclear as to whether the network uses 802.1X
authentication, consult the IT administrator for assistance.
Advanced Operation