How 802.1X Works

The network elements in the above graphics are those involved in a typical wireless LAN. When 802.1X is running, a wireless device must authenticate itself with the AP in order to get access to the Existing LAN. With respect to the terms used in the 802.1X standard, APs (APs) function as authenticators and wireless devices function as supplicants. The authenticator keeps a control port status for each Client it is serving. If a Client has been authenticated, its control port status is said to be Authorized, and the Client can send application data to the LAN through the AP. Otherwise, the control port status is said to be Unauthorized, and application data cannot traverse the AP.

Typical Message Exchange Using MD5 or TLS

The above graphic displays the typical message exchange when the device and the AP support 802.1X. When an AP acting as an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the terminal. In turn, the terminal responds with its identity, and the AP relays this identity to an authentication server, which is typically an external RADIUS server.

The RADIUS server can then act as a central repository of user profile information. Such use of a centralized authentication server allows the user to access wireless LANs at many different points, but still be authenticated against the same server. In response to the Access-Request, the RADIUS server sends an Access-Challenge to the AP, which is then relayed in the form of an EAP-Request to the device. The device sends its credentials to the AP, which in turn relays them to the RADIUS server. The RADIUS server determines whether access to the network is accepted or denied based on the Client's credentials.

Dolphin® 7900 Series User’s Guide

Rev D

9 - 31

Page 131
Image 131
Hand Held Products 7900 manual How 802.1X Works, Typical Message Exchange Using MD5 or TLS