The IEEE 802.1X specification describes a protocol that can be used for authenticating both clients and servers on a network. The authentication algorithms and methods are those provided by the Extensible Authentication Protocol (EAP), a method of authentication that has been in use for a number of years on networks that provide Point-to-Point Protocol (PPP) support as many internet service providers and enterprises do.

When an AP acting as an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the device. (EAP, or the Extensible Authentication Protocol, is an authentication protocol that runs before network layer protocols transmit data over the link.) In turn, the device responds with its identity, and the AP relays this identity to an authentication server, which is typically an external RADIUS server.

An example for MD5 Authentication

IEEE 802.1x

RADIUS

 

Access Client

Client

3

 

1

 

 

Access Point

2

4

RADIUS Server

(1)Client requests to login the network.

(2)Login with username, password.

Windows 2000 IAS

(Internet Authentication

Service)

(3)Send username, password to RADIUS server.

(4)Approve or deny user

login to the LAN.

16

Page 21
Image 21
Edimax Technology Adaptor user manual Radius