Transparent 802.1x Authentication
BlueSecure™ Controller Setup and Administration Guide 6-17
802.1x is an IEEE standard that enables authentication and key management for LANs.
Although originally designed as a port authentication scheme for wired networks, it has
recently been applied to address some security issues surrounding wireless LANs. 802.1x
uses the Extensible Authentication Protocol (EAP) as a framework for authentication,
allowing it to leverage a variety of existing EAP methods and authentication servers.
If you configure the BSC to support Transparent 802.1x authentication, the BSC monitors
the exchange between the user/wireless access point and the 802.1x RADIUS server.
The BSC then transparently authenticates the user into a role without the need for the user
to first log into the BSC.
Sequence of Events
In Transparent 802.1x authentication, the BSC monitors the exchange between the user/
wireless access point and the 802.1x RADIUS server. The BSC then transparently
authenticates the user into a role without the need for the user to first log into the BSC. The
following figure illustrates how a wireless user is authenticated in an 802.1x environment.
The figure illustrates this sequence of events associated with 802.1x user authentication:
1. The wireless client associates with an access point.
2. The access point blocks all traffic from the client except 802.1x/EAP traffic.
3. EAP traffic is passed to the server for authentication.
4. The user is authenticated and receives a per user/per session WEP (or WPA) key for
encrypting data as it passes through the wireless link.
5. The BSC receives the 802.1x user authentication and assigns the user a role.
Note: Some Transparent 802.1x authentication methods use rapid re-keying to change
the WEP key at regular intervals. This makes decoding the key more difficult.
EAP methods supported
The BSC's implementation of Transparent 802.1x authentication supports the following
802.1x EAP methods:
• MD5 (Message Digest 5)
• Cisco-LEAP (Lightweight Extensible Authentication Protocol)
• EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)
• PEAP (Protected Extensible Authentication Protocol)
• TTLS (Tunneled Transport Layer Security)
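The monitoring step described above, as an added example that is not BSC code and not part of the original guide: a passive observer pairs each RADIUS reply with its Access-Request, trusts only an Access-Accept whose Response Authenticator verifies against the shared secret, and records the user, EAP method and role. The shared-secret check, `role_rule`, the `build` helper and all sample values are assumptions of this example; the page does not say how the BSC validates replies or maps users to roles.

```python
import hashlib, hmac, struct

# RADIUS codes/attributes (RFC 2865, RFC 3579) and IANA EAP type numbers.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, CALLING_STATION_ID, EAP_MESSAGE = 1, 31, 79
EAP_METHODS = {4: "MD5", 13: "EAP-TLS", 17: "Cisco-LEAP", 21: "TTLS", 25: "PEAP"}

def build(code, ident, auth, attrs):
    """Encode a RADIUS packet; used here only to construct sample traffic."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def parse(pkt):
    """Return (code, id, authenticator, [(type, value)], raw packet)."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length")
    attrs, i = [], 20
    while i < length:
        if i + 2 > length or pkt[i + 1] < 2 or i + pkt[i + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((pkt[i], pkt[i + 2:i + pkt[i + 1]]))
        i += pkt[i + 1]
    return code, ident, pkt[4:20], attrs, pkt[:length]

class Monitor:
    """Passive observer: pairs each reply with its request, trusts only verified accepts."""
    def __init__(self, secret, role_rule):
        self.secret, self.role_rule = secret, role_rule  # role_rule is hypothetical
        self.pending, self.methods, self.sessions = {}, {}, {}

    def observe(self, nas_ip, pkt):
        code, ident, auth, attrs, raw = parse(pkt)
        if code == ACCESS_REQUEST:
            a = dict(attrs)
            user = a.get(USER_NAME, b"").decode(errors="replace")
            mac = a.get(CALLING_STATION_ID, b"").decode(errors="replace")
            eap = b"".join(v for t, v in attrs if t == EAP_MESSAGE)
            if len(eap) >= 5 and eap[0] == 2 and eap[4] in EAP_METHODS:
                self.methods[mac] = EAP_METHODS[eap[4]]
            self.pending[(nas_ip, ident)] = (auth, user, mac)
            return None
        req_auth, user, mac = self.pending.pop((nas_ip, ident), (b"", "", ""))
        good = hashlib.md5(raw[:4] + req_auth + raw[20:] + self.secret).digest()
        if code != ACCESS_ACCEPT or not req_auth or not hmac.compare_digest(good, auth):
            return None  # reject, challenge, unsolicited, or forged reply
        self.sessions[mac] = (user, self.role_rule(user), self.methods.get(mac))
        return self.sessions[mac]
```

With PEAP or TTLS the User-Name seen on the wire can be an anonymous outer identity, so a role rule keyed on it needs to account for that.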
To configure an external Transparent 802.1x authentication server and define the rules
used for authentication:
Figure 6-6: User Authentication in an 802.1x Environment
[Figure labels: WG-2100 Wireless Gateway, 802.1x Client (Supplicant), Access Point, Bluesocket BSC, Authentication Server; steps 1 to 5 marked.]