The IEEE 802.1X specification describes a protocol used for authenticating both clients and servers on a network. The authentication algorithms and methods are those provided by the Extensible Authentication Protocol (EAP), a method of authentication that has been in use for a number of years on networks that provide Point-to-Point Protocol (PPP) support, as many internet service providers and enterprises do.

When an AP acting as an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the device. (EAP, the Extensible Authentication Protocol, is an authentication protocol that runs before network layer protocols transmit data over the link.) In turn, the device responds with its identity, and the AP relays this identity to an authentication server, which is typically an external RADIUS server.

Figure: An example for MD5 Authentication
Labels in the figure: IEEE 802.1x Access Client; Access Point; RADIUS Client; RADIUS Server; Windows 2000 IAS (Internet Authentication Service).
(1) Client requests to login the network.
(2) Login with username, password.
(3) Send username, password to RADIUS server.
(4) Approve or deny user login to the LAN.

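The exchange described above, steps (1) to (4) of the MD5 authentication example, written out as an added example that is not part of the original manual. It assumes the EAP packet layout and MD5-Challenge method of RFC 3748; the function names are illustrative, and the AP is modelled as a plain relay without the RADIUS encapsulation.

```python
import hashlib, hmac, os, struct
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # EAP codes (RFC 3748)
IDENTITY, MD5_CHALLENGE = 1, 4                    # EAP method types

def build(code, ident, eap_type=None, data=b""):
    """Encode Code, Identifier, Length, then optional Type and Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt):
    """Decode an EAP packet, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    body = pkt[4:length]
    typed = code in (REQUEST, RESPONSE)
    if length < 4 or length > len(pkt) or (typed and not body):
        raise ValueError("bad EAP length")
    return (code, ident, body[0], body[1:]) if typed else (code, ident, None, b"")

def md5_value(ident, password, challenge):
    """MD5-Challenge value: MD5(Identifier || shared secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def station_reply(request, user, password):
    """Station side: answer an Identity or MD5-Challenge request."""
    code, ident, eap_type, data = parse(request)
    if code == REQUEST and eap_type == IDENTITY:
        return build(RESPONSE, ident, IDENTITY, user)
    if code == REQUEST and eap_type == MD5_CHALLENGE and data:
        value = md5_value(ident, password, data[1:1 + data[0]])
        return build(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + value)
    raise ValueError("unsupported EAP request")

def server_verify(response, ident, challenge, password):
    """Server side: constant-time check, then EAP-Success or EAP-Failure."""
    code, rid, eap_type, data = parse(response)
    expected = bytes([16]) + md5_value(ident, password, challenge)
    ok = (code, rid, eap_type) == (RESPONSE, ident, MD5_CHALLENGE)
    ok = ok and hmac.compare_digest(data[:17], expected)
    return build(SUCCESS if ok else FAILURE, ident)

def run_exchange(user, station_pw, server_pw):
    """Steps (1)-(4) of the figure; the AP only relays packets unchanged."""
    identity = parse(station_reply(build(REQUEST, 1, IDENTITY), user, station_pw))[3]
    challenge = os.urandom(16)  # fresh per attempt so a response cannot be replayed
    req = build(REQUEST, 2, MD5_CHALLENGE, bytes([16]) + challenge)
    verdict = server_verify(station_reply(req, user, station_pw), 2, challenge, server_pw)
    return identity, parse(verdict)[0]
```

With MD5-Challenge the station proves knowledge of the password through the hash, so the password itself does not cross the wireless link. The method authenticates only the client to the server and derives no session keys.
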
4.1.3.3 802.1x Setting-Certification