The IEEE 802.1X specification describes a protocol that can be used for authenticating both clients and servers on a network. The authentication algorithms and methods are those provided by the Extensible Authentication Protocol (EAP), a method of authentication that has been in use for a number of years on networks that provide Point-to-Point Protocol (PPP) support, as many Internet service providers and enterprises do.

When an AP acting as an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the device. (EAP, or the Extensible Authentication Protocol, is an authentication protocol that runs before network layer protocols transmit data over the link.) In turn, the device responds with its identity, and the AP relays this identity to an authentication server, which is typically an external RADIUS server.

An example for MD5 Authentication

[Figure: IEEE 802.1x Access Client, Access Point (RADIUS Client) and RADIUS Server (Windows 2000 IAS, Internet Authentication Service), with steps 1 to 4 marked.]

(1) Client requests to log in to the network.

(2) Log in with username and password.

(3) Send username and password to the RADIUS server.

(4) Approve or deny the user's login to the LAN.
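The exchange in steps (1) to (4), as an added example that is not taken from the manual: a minimal model of the EAP layer for the MD5-Challenge method (EAP type 4 in RFC 3748), showing that the station returns MD5(Identifier || password || challenge) rather than the password itself. EAPOL and RADIUS framing are omitted, and the function names and the `user_db` dictionary are assumptions made for illustration.

```python
import hashlib, hmac, struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP Code values
IDENTITY, MD5_CHALLENGE = 1, 4                     # EAP Type values

def eap_packet(code, ident, eap_type=None, data=b""):
    """Code (1) | Identifier (1) | Length (2) | optional Type (1) + Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Return (code, identifier, type, type_data); reject inconsistent lengths."""
    if len(pkt) < 4 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    return pkt[0], pkt[1], (pkt[4] if len(pkt) > 4 else None), pkt[5:]

def split_md5_data(data):
    """MD5-Challenge Type-Data is Value-Size (1) | Value | Name."""
    if not data or len(data) < 1 + data[0]:
        raise ValueError("truncated MD5-Challenge data")
    return data[1:1 + data[0]], data[1 + data[0]:]

def md5_value(ident, password, challenge):
    """CHAP-style response: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def supplicant_respond(request, username, password):
    """Wireless station: answer an Identity or MD5-Challenge request."""
    code, ident, eap_type, data = parse_eap(request)
    if code != REQUEST or eap_type not in (IDENTITY, MD5_CHALLENGE):
        raise ValueError("unsupported EAP request")
    if eap_type == IDENTITY:
        return eap_packet(RESPONSE, ident, IDENTITY, username)
    challenge, _ = split_md5_data(data)
    value = md5_value(ident, password, challenge)
    return eap_packet(RESPONSE, ident, MD5_CHALLENGE, bytes([len(value)]) + value + username)

def server_verify(response, ident, challenge, user_db):
    """Authentication server check; user_db is a hypothetical name -> password dict."""
    try:
        code, rid, eap_type, data = parse_eap(response)
        value, name = split_md5_data(data)
    except ValueError:
        return eap_packet(FAILURE, ident)
    password = user_db.get(name)
    ok = (code == RESPONSE and rid == ident and eap_type == MD5_CHALLENGE
          and password is not None
          and hmac.compare_digest(value, md5_value(ident, password, challenge)))
    return eap_packet(SUCCESS if ok else FAILURE, ident)
```

The server must issue a fresh random challenge for every attempt and check that the response Identifier matches its request, otherwise a captured response could be accepted again.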

Topcom 4001G manual Radius