The IEEE 802.1X specification describes a protocol that can be used for authenticating both clients and
servers on a network. The authentication algorithms and methods are those provided by the Extensible
Authentication Protocol (EAP), a method of authentication that has been in use for a number of years
on networks that provide Point-to-Point Protocol (PPP) support, as many Internet service providers and
enterprises do.
When an AP acting as an authenticator detects a wireless station on the LAN, it sends an EAP-Request
for the user's identity to the device. (EAP, or the Extensible Authentication Protocol, is an authentication
protocol that runs before network layer protocols transmit data over the link.) In turn, the device
responds with its identity, and the AP relays this identity to an authentication server, which is typically
an external RADIUS server.
An example for MD5 Authentication

[Figure: IEEE 802.1x Access Client <-> Access Point (RADIUS Client) <-> RADIUS Server (Windows 2000 IAS, Internet Authentication Service)]

(1) Client requests to log in to the network.
(2) Login with username, password.
(3) Send username, password to RADIUS server.
(4) Approve or deny user login to the LAN.
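
The EAP exchange behind the figure, as an added example that is not part of the original manual: it builds and parses EAP packets (RFC 3748) and performs the server-side MD5-Challenge check, in which the client returns MD5(identifier || password || challenge) rather than the password itself. Function names and sample values are constructed for illustration; EAPOL and RADIUS encapsulation are not modeled.

```python
import hashlib
import hmac
import struct

# EAP codes and method types defined in RFC 3748
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5 = 1, 4


def build_eap(code, ident, eap_type=None, data=b""):
    """Serialize an EAP packet: Code, Identifier, Length, [Type, Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_eap(pkt):
    """Return (code, identifier, type, type_data); reject malformed lengths."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length")
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    if length < 5:
        raise ValueError("missing EAP type")
    return code, ident, pkt[4], pkt[5:length]


def md5_value(ident, password, challenge):
    """EAP-MD5 (CHAP-style) value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def md5_type_data(value, name=b""):
    """MD5-Challenge Type-Data: Value-Size, Value, optional Name."""
    return bytes([len(value)]) + value + name


def server_verify(challenge_pkt, response_pkt, password):
    """Authentication server decision (step 4): Success or Failure packet."""
    _, c_id, c_type, c_data = parse_eap(challenge_pkt)
    code, r_id, r_type, r_data = parse_eap(response_pkt)
    ok = code == RESPONSE and r_id == c_id and c_type == r_type == TYPE_MD5
    ok = ok and len(c_data) >= 1 and len(c_data) > c_data[0]
    ok = ok and len(r_data) >= 17 and r_data[0] == 16
    if ok:
        challenge = c_data[1:1 + c_data[0]]
        expected = md5_value(c_id, password, challenge)
        ok = hmac.compare_digest(expected, r_data[1:17])  # constant-time compare
    return build_eap(SUCCESS if ok else FAILURE, c_id)
```

Per the security claims RFC 3748 lists for MD5-Challenge, the method authenticates only the client and derives no keys.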