
Using 802.1x security – Allied Telesis AT-WL2411 User Manual


AT-WL2411 Installation and User’s Guide


Using 802.1x Security

802.1x security increases security between the access points and the
wireless end devices by using an 802.1x authentication server (typically a
RADIUS server) to authenticate each device’s initial connection and by
using rotating WEP keys.

To use 802.1x, you must have the following:

❑ an 802.1x authentication server (typically a RADIUS server) on the
network.

❑ an authenticator (typically an access point) on the network.

❑ supplicant functionality on the wireless end devices.

Currently, Windows XP devices are shipping with the supplicant
functionality (using the EAP-TLS authentication method) in the
operating system and NDIS 5.1 radio drivers. CE.NET will also have the
same support. Multiple vendors are working on comparable
functionality on other operating systems. For more information on the
availability of supplicants, contact your local Allied Telesyn
representative.

When a wireless end device starts communicating with a wireless
network that has implemented the 802.1x security standard, the
authentication process involves two steps: server side authentication
and client side authentication.

For server side authentication, the 802.1x authentication server sends a
certificate through the authenticator to the supplicant. The supplicant
verifies that the server name is what it expects and that it can decrypt
the certificate. If the server passes, the supplicant then performs client
side authentication. That is, the supplicant presents its credentials to
the server for verification in one of these ways:

❑ If the supplicant is using the EAP-TLS authentication method, it
sends a certificate through the authenticator to the 802.1x
authentication server. The server verifies the device’s credentials.
If the credentials are accepted, the device can communicate
through the access point to the network.

❑ If the supplicant is using the EAP-TTLS authentication method, it
sends a user name and password through the authenticator to the
802.1x authentication server. The server compares the login to its
list of authorized logins. If a match is found, the device can
communicate through the access point to the network.
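
The two-step flow described above, as a simplified Python model added here for illustration (it is not code from the manual or from Allied Telesis). Certificates are modeled as plain dictionaries, signature validation is reduced to an issuer lookup, and every name and sample value is constructed.

```python
import hmac
from dataclasses import dataclass

@dataclass
class AuthServer:
    """802.1x authentication server (typically a RADIUS server)."""
    cert: dict        # {"subject": server name, "issuer": CA name}
    client_cas: set   # CAs whose client certificates are accepted (EAP-TLS)
    logins: dict      # authorized user name -> password (EAP-TTLS)

    def verify_client(self, method, cred):
        if method == "EAP-TLS":
            return cred.get("issuer") in self.client_cas
        if method == "EAP-TTLS":
            stored = self.logins.get(cred.get("user"))
            # Unknown users fail outright; passwords compare in constant time.
            return stored is not None and hmac.compare_digest(
                stored.encode(), cred.get("password", "").encode())
        return False

@dataclass
class Supplicant:
    expected_server: str   # server name the device expects
    trusted_cas: set       # CAs the device trusts for server certificates
    method: str            # "EAP-TLS" or "EAP-TTLS"
    cred: dict             # client certificate, or user name and password
    released: bool = False # True once credentials have left the device

    def server_ok(self, cert):
        return (cert.get("subject") == self.expected_server
                and cert.get("issuer") in self.trusted_cas)

def authenticate(sup, server):
    """Authenticator's view: relay both steps, open the port only on success."""
    if not sup.server_ok(server.cert):      # step 1: server side authentication
        return False, "server rejected"     # credentials are never sent
    sup.released = True                     # step 2: client side authentication
    if server.verify_client(sup.method, sup.cred):
        return True, "port open"
    return False, "client rejected"

# Constructed sample data (illustrative names only).
SERVER = AuthServer({"subject": "radius.example.com", "issuer": "Example CA"},
                    {"Example CA"}, {"alice": "correct-horse"})
UNEXPECTED = AuthServer({"subject": "radius.example.net", "issuer": "Other CA"},
                        {"Example CA"}, {})

def make_supplicant(method, cred):
    return Supplicant("radius.example.com", {"Example CA"}, method, cred)
```

In this model a supplicant that does not recognize the server stops at step 1, so `released` stays `False` and no certificate or password leaves the device.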