Chapter 4 802.1X Authentication Setup
4.1 802.1X Infrastructure
An 802.1X Infrastructure is composed of three major components: Authenticator, Authentication server, and Supplicant.
Authentication server: An entity that provides an authentication service to an authenticator. This service determines, from the credentials provided by the supplicant, whether the supplicant is authorized to access the services provided by the authenticator.
Authenticator: An entity at one end of a
Supplicant: An entity at one end of a
In the following sections, we will guide you to build an 802.1X Infrastructure step by step. The instructions are divided into three parts:
RADIUS Server Setup: Microsoft Windows 2000 server.
Authenticator Setup:
Wireless Client Setup: Microsoft Windows XP.
The above graph shows the network topology of the solution we are going to introduce. As illustrated, a group of wireless clients is trying to build a wireless network with
MD5 authentication is simply a validation of existing user account and password that is stored in a database of RADIUS server. Therefore, wireless clients will be prompted for account/password validation to build the link. TLS authentication is a more complicated authentication, which is using certificate that is issued by RADIUS server for authentication. TLS authentication is a more secure authentication, since not only RADIUS server authenticates the wireless client, but also the client can validate RADIUS server by the certificate that it issues. The TLS authentication request from wireless clients and reply by Radius Server and
1.The client sends an EAP start message to
2.
3.The client sends its Network Access Identifier (NAI) – its user name – to
4.
5.The RADIUS server responds to the client with its digital certificate.
-31 -