User’s Manual
39/73
Ver. [E.1.1]
Figure 34 MAC Filtering
11.12. IEEE
802.1x
The IEEE 802.1x is the standard Port Access Protocol that authenticates the user via
the Radius Authentication Server. By using the information from the user’s PC
(Authenticator, ID, Password, etc.) it is authenticated to control access to a wireless
network. For these procedures, the Extensible Authentication Protocol (EAP) is used
between the Radius Authentication Server and the user’s PC in the standard of IEEE
802.1x. The information from the user’s PC, passing through the EAP, can be
verified by the Radius Authentication Server. Depending upon its verification it
should decide to connect to a wireless network. Depending upon the types and
results of the authentication the Dynamic Unicast Session Key or Static Broadcast
Key which the IEEE 802.1x EAP packets contain is transferred to the authenticated
user’s PC. The Session Key can be different for each authenticated user’s PC. This
information can be utilized to encapsulate the data that are between the DosaLink –
540 and the authenticated user’s PC.
The DosaLink – 540 supports the following authentications:
•
EAP-MD5 (Message Digest): This type of EAP authentication offers the basic
level of EAP. User ID and User Password of the user’s PC are used for
authentication. Since MD5 algorithm is used one-way harsh function, the
authentication between the user’s PC and the Radius Authentication Server
is processed one-way.
•
EAP-TLS (Transport Layer Security): EAP-TLS provides for mutual
authentication based on the certificates between the user’s PC and the
Radius Authentication Server. The keys for authentication are generated
dynamically.
