Specifications

AP as 802.1X supplicant
Summit WM Technical Reference Guide, Software Version 5.3102
EAP-TLS authentication
Figure 23 below illustrates the EAP-TLS authentication process. The AP is directly connected to the
access port on the authenticator (AU). The AP begins the process by sending an EAP start message to the
AU, and then responds to the AU's identity request with an identity reply. The identity is presented to
the authentication server (AS), and from that moment on EAP-TLS messages are exchanged between the AS
and the AP.
Figure 23: EAP-TLS authentication
The end result of the EAP-TLS authentication is verification of the AP certificate by the AS. If the
certificate is successfully verified, the AU is informed with the EAP success message and opens the port
for all traffic. Otherwise, the AU keeps the port closed, and no traffic other than 802.1X EAP messages
is permitted.
In the case of authentication failure, the AP restarts the process by sending an EAP start message. If
for any reason the AP cannot successfully complete the authentication, it remains in this cycle. The
status of the EAP-TLS authentication is displayed on the AP LEDs.
[Figure 23 diagram. Elements: AP with EAP-TLS credentials; Authenticator (Network Switch) with Dot1x enabled port; Network. Steps: (1) On Ethernet UP, AP sends EAP Start message; (2) AU blocks all AP traffic and sends EAP Request Identity; (3) AP responds with identity; (4) RADIUS server starts the TLS exchange and verifies AP certificate; (5) RADIUS server informs AS to open the port.]
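
The port-gating behaviour described above, as an added example that is not part of the guide or of the product's code: a small model of the AU that accepts EAPOL frames while the port is closed and opens the port only on EAP Success. The class and function names, the identity `ap-0001` and the frame contents are constructed for illustration, and the TLS handshake and certificate check at the AS are replaced by the `certificate_valid` flag.

```python
import struct

EAPOL = 0x888E                      # EtherType for 802.1X (EAP over LAN)
IPV4 = 0x0800                       # stands in for ordinary data traffic
EAPOL_EAP, EAPOL_START = 0, 1       # EAPOL packet types
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP codes
IDENTITY, EAP_TLS = 1, 13           # EAP method types

def eap(code, ident, method=None, data=b""):
    """Build an EAP packet; Success and Failure carry no method field."""
    body = b"" if method is None else bytes([method]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eapol(ptype, body=b""):
    """Wrap a body in an EAPOL header (version 2, type, length)."""
    return struct.pack("!BBH", 2, ptype, len(body)) + body

class Authenticator:
    """Hypothetical AU port gate: closed until the AS reports EAP Success."""
    def __init__(self):
        self.port_open = False

    def from_ap(self, ethertype, payload):
        """Return True if a frame arriving from the AP is accepted."""
        if ethertype != EAPOL:
            return self.port_open            # data traffic needs an open port
        if len(payload) < 4:
            return False                     # truncated EAPOL header
        _version, _ptype, length = struct.unpack("!BBH", payload[:4])
        return len(payload) - 4 >= length    # well-formed EAPOL always passes

    def from_as(self, eap_packet):
        """Apply the AS verdict carried in the final EAP packet."""
        code = eap_packet[0]
        if code in (SUCCESS, FAILURE):
            self.port_open = code == SUCCESS
        return self.port_open

def authenticate(au, certificate_valid, identity=b"ap-0001"):
    """Walk the exchange once; certificate_valid stands in for the AS check."""
    trace = [au.from_ap(EAPOL, eapol(EAPOL_START)),        # AP: EAP Start
             au.from_ap(IPV4, b"data before auth")]        # blocked by AU
    request = eap(REQUEST, 1, IDENTITY)                    # AU: Request Identity
    reply = eap(RESPONSE, request[1], IDENTITY, identity)  # AP: identity reply
    trace.append(au.from_ap(EAPOL, eapol(EAPOL_EAP, reply)))
    tls_msg = eap(RESPONSE, 2, EAP_TLS, b"\x00")           # constructed EAP-TLS frame
    trace.append(au.from_ap(EAPOL, eapol(EAPOL_EAP, tls_msg)))
    au.from_as(eap(SUCCESS if certificate_valid else FAILURE, 2))
    trace.append(au.from_ap(IPV4, b"data after auth"))     # depends on verdict
    return trace
```

Calling `authenticate` again on the same `Authenticator` after a failure models the retry cycle: the port stays closed until a run ends in EAP Success.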