Intel 3945ABG User Manual
There are different 802.1x authentication types, each providing a different approach to
authentication, but all employ the same 802.1x protocol and framework for communication
between a client and an access point. In most protocols, upon the completion of the 802.1x
authentication process, the supplicant receives a key that it uses for data encryption. Refer
to How 802.1x authentication works for more information. With 802.1x authentication, an
authentication method is used between the client and a Remote Authentication Dial-In User
Service (RADIUS) server connected to the access point. The authentication process uses
credentials, such as a user's password, that are not transmitted over the wireless network.
Most 802.1x types support dynamic per-user, per-session keys to strengthen the static key
security. 802.1x benefits from the use of an existing authentication protocol known as the
Extensible Authentication Protocol (EAP).
802.1x authentication for wireless LANs has three main components:
● The authenticator (the access point)
● The supplicant (the client software)
● The authentication server (a Remote Authentication Dial-In User Service server
[RADIUS])
802.1x authentication security initiates an authorization request from the wireless client to
the access point, which authenticates the client to an Extensible Authentication Protocol
(EAP) compliant RADIUS server. This RADIUS server may authenticate either the user (via
passwords or certificates) or the system (by MAC address). In theory, the wireless client is
not allowed to join the network until the transaction is complete.
There are several authentication algorithms used for 802.1x. Some examples are: EAP-TLS,
EAP-TTLS, and Protected EAP (PEAP). These are all methods for the wireless client to
identify itself to the RADIUS server. With RADIUS authentication, user identities are checked
against databases. RADIUS constitutes a set of standards addressing Authentication,
Authorization and Accounting (AAA). RADIUS includes a proxy process to validate clients in a
multi-server environment. The IEEE 802.1x standard is for controlling and authenticating
access to port-based 802.11 wireless and wired Ethernet networks. Port-based network
access control is similar to a switched local area network (LAN) infrastructure that
authenticates devices that are attached to a LAN port and prevents access to that port if the
authentication process fails.
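The relay between the three components can be read from the packets themselves. The following Python code is an added example, not part of the Intel manual: it decodes a RADIUS packet (RFC 2865), reassembles the EAP packet carried in its EAP-Message attributes (RFC 3579), names the EAP method, and applies the port-based rule that access is granted only on an Access-Accept carrying EAP-Success. The function names and sample packets are constructed for illustration, and the code assumes the packet's Message-Authenticator has already been verified with the RADIUS shared secret.

```python
import struct

# Codes from RFC 2865 (RADIUS), RFC 3748 (EAP) and the IANA EAP method registry.
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
ATTR_EAP_MESSAGE = 79  # RFC 3579


def parse_radius(packet: bytes) -> dict:
    """Decode a RADIUS packet and the EAP packet it relays, if any."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not match the data")
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_type == ATTR_EAP_MESSAGE:
            # One EAP packet may span several EAP-Message attributes; join them in order.
            eap += packet[pos + 2:pos + a_len]
        pos += a_len
    info = {"radius": RADIUS_CODES.get(code, f"code {code}"), "eap": None, "method": None}
    if len(eap) >= 4:
        info["eap"] = EAP_CODES.get(eap[0], f"code {eap[0]}")
        if eap[0] in (1, 2) and len(eap) >= 5:  # only Request/Response carry a type byte
            info["method"] = EAP_TYPES.get(eap[4], f"type {eap[4]}")
    return info


def port_authorized(packet: bytes) -> bool:
    """Authenticator rule: open the port only on Access-Accept carrying EAP-Success."""
    # Assumption: integrity (Message-Authenticator, shared secret) was checked before this call.
    info = parse_radius(packet)
    return info["radius"] == "Access-Accept" and info["eap"] == "Success"


def build_sample(code: int, eap: bytes) -> bytes:
    """Constructed test packet: zeroed authenticator field, EAP split into 253-byte chunks."""
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = b"".join(bytes([ATTR_EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    print(parse_radius(build_sample(11, bytes([1, 5, 0, 6, 25, 0x20]))))  # constructed PEAP start
```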
What is RADIUS?
RADIUS is the Remote Authentication Dial-In User Service, an Authorization, Authentication, and
Accounting (AAA) client-server protocol, which is used when a AAA dial-up client logs in or
out of a Network Access Server. Typically, a RADIUS server is used by Internet Service
Providers (ISP) to perform AAA tasks. AAA phases are described as follows:
● Authentication phase: Verifies a user name and password against a local database.
After the credentials are verified, the authorization process begins.
● Authorization phase: Determines whether a request is allowed access to a resource.