P-870HN-5
x
b Support Notes
All contents copyright (c) 2009 ZyXEL Communications Corporation.
the authenticator by using the client’s MAC address. While the AP is setup as
Auto
,
only the Wireless client supporting the 802.1x client can access the network.
Re-Authentication
The administrator can enable the periodic 802.1x client re-authentication and
specify how often it occurs. When the re-authentication is time out, the
authenticator will send the EAP-Request/Identity to reinitiate authentication process.
In the ZyXEL Wireless AP 802.1x implementation, if you do not specify a time period
before enabling the re-authentication, the number of seconds between
re-authentication attempts is 1,800 seconds (30 minutes).
EAPOL (Extensible Authentication Protocol over LAN)
The authenticators and supplicants communicate with one another by using the
Extensible Authentication Protocol (EAP and RFC-2284). The EAP was originally
designed to run over PPP and to authenticate the dial-in users, but the 802.1x
defines an encapsulation method for passing the EAP packets over Ethernet frames.
This method is referred to as the
EAP over LANs, or EAPOL
. Ethernet type of EAPOL
is
88-8E
, two octets in length. The EAPOL encapsulations are described for IEEE 802
compliant environment, such as the 802.3 Ethernet, 802.11 Wireless LAN and Token
Ring/FDDI.
The EAP protocol can support multiple authentication mechanisms, such as
MD5-challenge, One-Time Passwords, Generic Token Card, TLS and TTLS etc.
Typically, the authenticator will send an initial Identity Request followed by one or
more Requests for authentication information. When supplicant receives the EAP
request, it will reply the associated EAP response. So far, the ZyXEL Wireless AP only
supports the MD-5 challenge authentication mechanism, but will support the TLS
and TTLS in the future.