Chapter 7

Configuring 802.1x Authentication

802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication framework for wireless LANs (WLANs). 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1x framework that are suitable for wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP- Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network.

This chapter describes the following topics:

“802.1x Authentication” on page 7-1

“Configuring 802.1x Authentication” on page 7-4

“Advanced Configuration Options for 802.1x” on page 7-6

802.1x Authentication

802.1x authentication consists of three components:

The supplicant, or client, is the device attempting to gain access to the network. You can configure your system to support 802.1x authentication for wired users as well as wireless users.

The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The WFS709TP ProSafe Smart Wireless Switch acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the WFS709TP.

The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server that can authenticate either users (through passwords or certificates) or the client computer.

7-1

v1.0, June 2007

Page 125
Image 125
NETGEAR WFS709TP-100NAS manual Chapter Configuring 802.1x Authentication