ZyAIR B-2000 Wireless LAN Gateway with 4-Port Switch

4.3Network Authentication

Before a wireless client can communicate on your network through your ZyAIR, it must be authenticated by the ZyAIR or your network.

4.3.1 EAP

EAP is an authentication protocol designed originally to run over PPP (Point-to-Point Protocol) frame in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless client and a RADIUS server to perform mutual authentication.

4.3.2 RADIUS

RADIUS is based on a client-sever model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks:

Authentication

Determines the identity of the users.

Authorization

Determines the network services available to authenticated users once they are connected to the network.

Accounting

Keeps track of the client’s network activity.

RADIUS is a simple package exchange in which your ZyAIR acts as a message relay between the wireless client and the network RADIUS server.

Types of RADIUS Messages

The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication:

Access-Request

Sent by an access point requesting authentication.

Access-Reject

Sent by a RADIUS server rejecting access.

Wireless LAN Security Setup

4-3