802.1x Authentication
How 802.1x Authentication Works
Overview
The 802.1x authentication is independent of the 802.11 authentication process. The
802.1x standard provides a framework for various authentication and key-
management protocols. There are different 802.1x authentication types, each
provides a different approach to authentication but all employ the same 802.1x
protocol and framework for communication between a client and an access point. In
most protocols, upon completion of the 802.1x authentication process, the
supplicant receives a key that it uses for data encryption. See
for more information. With 802.1x authentication, an
authentication method is used between the client and a Remote Authentication Dial-
In User Service (RADIUS) server connected to the access point. The authentication
process uses credentials, such as a user's password that are not transmitted over
the wireless network. Most 802.1x types support dynamic per-user, per-session
keys to strengthen the static key security. 802.1x benefits from the use of an
existing authentication protocol known as the Extensible Authentication Protocol
(EAP).
802.1x authentication for wireless networks has three main components:
●
The authenticator (the access point)
●
The supplicant (the client software)
●
The authentication server (RADIUS)
The 802.1x authentication security initiates an authorization request from the
wireless client to the access point, which authenticates the client to an Extensible
Authentication Protocol (EAP) compliant RADIUS server. This RADIUS server may
authenticate either the user (via passwords or certificates) or the system (by MAC
address). In theory, the wireless client is not allowed to join the networks until the
transaction is complete.
There are several authentication algorithms used for 802.1x. Some examples are:
EAP-TLS, EAP-TTLS, and Protected EAP (PEAP). These are all methods for the
wireless client to identify itself to the RADIUS server. With RADIUS authentication,
user identities are checked against databases. RADIUS constitutes a set of
standards that addresses Authentication, Authorization and Accounting (AAA).
Radius includes a proxy process to validate clients in a multi-server environment.
The IEEE 802.1x standard is for controlling and authenticating access to port-based
802.11 wireless and wired Ethernet networks. Port-based network access control is
similar to a switched local area network (LAN) infrastructure that authenticates
Summary of Contents for Wireless WiFi Link 4965AGN
Page 31: ...Back to Top Back to Contents Trademarks and Disclaimers ...
Page 36: ...Back to Top Back to Contents Trademarks and Disclaimers ...
Page 144: ...Back to Contents Trademarks and Disclaimers ...
Page 152: ...Back to Top Back to Contents Trademarks and Disclaimers ...
Page 174: ......
Page 175: ......
Page 183: ......