Authenticating with 802.1X
802.1X was developed to secure wired ports by placing the port in a ‘blocking’ state until authentication completes using the Extensible Authentication Protocol (EAP). EAP is a framework that allows many different authentication types to run within it; Protected EAP (PEAP) is the type most commonly used in wireless. In this mode, a TLS tunnel is created and user credentials are passed to the authentication server within the tunnel. When authentication is complete, the client and the Mobility Controller both hold copies of the keys used to protect the user session.
[Figure: message sequence between Station and AP, with phases labeled 802.11 Association and 802.1X Authentication. Messages: Associate, Associate response, EAP request identity, EAP response, EAP exchange, Key1, Key2, Key3, Key4.]
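The EAP portion of the exchange above can be followed at the packet level. The sketch below is an added example, not code from this design guide: it parses the EAP header as laid out in RFC 3748 and replays a constructed identity/PEAP/Success sequence while tracking the port state. The sample packets, the `anonymous@example.com` identity, the placeholder TLS bytes, and the state names `blocking`/`authorized` are assumptions made for illustration.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: code(1) id(1) length(2), then type(1)+data."""
    if len(pkt) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not match packet")
    msg = {"code": CODES.get(code, f"unknown({code})"), "id": ident}
    if code in (1, 2):  # only Request/Response carry a type byte
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        msg["type"] = TYPES.get(pkt[4], f"type {pkt[4]}")
        msg["data"] = pkt[5:length]
    return msg

def eap(code, ident, eap_type=None, data=b""):
    """Build a sample packet (constructed test input, not captured traffic)."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed exchange mirroring the figure's EAP messages.
SAMPLE = [
    eap(1, 1, 1),                            # EAP request identity
    eap(2, 1, 1, b"anonymous@example.com"),  # EAP response, sent before any tunnel exists
    eap(1, 2, 25, b"<tls placeholder>"),     # EAP exchange: PEAP carrying TLS
    eap(2, 2, 25, b"<tls placeholder>"),
    eap(3, 2),                               # EAP Success ends the exchange
]

def replay(packets):
    """Return (final port state, per-packet log); port opens only on Success."""
    port, log = "blocking", []
    for raw in packets:
        msg = parse_eap(raw)
        if msg["code"] == "Success":
            port = "authorized"
        elif msg["code"] == "Failure":
            port = "blocking"
        log.append((msg["code"], msg.get("type"), port))
    return port, log

if __name__ == "__main__":
    for step in replay(SAMPLE)[1]:
        print(step)
```

The identity response is parsed in the clear because it precedes the TLS tunnel; only the later PEAP payloads are protected by it.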
42 Mobility Controller Configuration | Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide |