2Wire 3800HGV-B 802.1x Setup

Networking Technology Overview

Wireless. The 2Wire gateway includes an integrated wireless access point, which allows users to roam

wirelessly throughout the home or office. 2Wire's high-powered wireless technology virtually eliminates

wireless “coldspots” in the home. The 2Wire gateway’s high power 400mW transmitter ensures that users

benefit from increased wireless bandwidth throughout the coverage area. In addition, the 2Wire gateway

employs a special triple antenna design. The third antenna is used only for transmitting packets, thus

mitigating the power loss associated with switching the antenna use back and forth between transmit and

receive. This results in greater access point sensitivity, as antenna placement can be better optimized with

a dedicated set of receive-only antennas.

MoCA. MoCA technology allows users to easily share digital entertainment throughout the home using the

existing coax cable infrastructure to distribute content such as video (SDTV and HDTV), music, games, and

images. MoCA provides the following benefits:

• Multi-room HDTV DVR. Allows users to record and share digital videos simultaneously in every room.

• Multi-room gaming. Allows users to access games from various locations in the home and play

simultaneously.

• PC to TV. Allows users to merge data and video-centric networks throughout the home.

802.1X Authentication. 802.1X Authentication provides port-based authentication using certificates.

These certificates reside in the RADIUS authentication server and the 3700HGV-B gateway, and are signed

by a Certificate Authority (CA). When the RADIUS server and the gateway successfully exchange certificates,

access to the network is allowed.

Prior to authentication, only limited security traffic (Layer 1 and Layer 2) is allowed on ports. After

authentication, ports open up for all other traffic (such as DHCP, IP, or Layer 3 and above).

The VDSL DSLAM is the authenticator between the 3700HGV-B and the RADIUS server. The RADIUS server

provides authentication and authorization for the 3700HGV-B, and decides if the VDSLAM will open the port

for upper layer traffic. The 3700HGV-B and RADIUS server will exchange certificates to provide mutual

authentication. They will ensure that the certificate was issued from a trusted CA and that the certificates

are valid, and other related information.

If the VDSL DSLAM port is not configured for 802.1X, the 3700HGV-B attempts to authenticate 3 times. If it

cannot authenticate, it bypasses 802.1X authentication. This does not mean that the 3700HGV-B will be

allowed on the network, just that it does not attempt the authentication again until power cycled or the

network requests it.

802.1x Setup

RADIUS

VDSL DSLAM

(Authenticator)

VDSL HomePortal

(Supplicant) RADIUS Server

(Authentication

Server)

EAP/TLS EAP to Radius