Specifications
Summit WM Technical Reference Guide, Software Version 5.3
9 AP as 802.1X supplicant
802.1X is an IEEE standard that addresses how to provide network access only to
authorized users. The basic idea behind 802.1X is that every network switch (the authenticator) that
performs 802.1X authentication allows only 802.1X traffic when a connected device (the supplicant) first
connects to it. Only after the device has been authenticated and authorized is its normal traffic allowed to
pass through. In the case of wired Ethernet, the port through which an authenticated user connected
will be enabled. Authorization in 802.1X is made possible through the use of Extensible Authentication
Protocol (EAP), which allows supplicant requests to be forwarded to the authentication server (usually
a RADIUS server). The decision of whether or not to grant access is sent back to the authenticator.
When configured as an 802.1X supplicant, the AP authenticates itself to the Authentication Server. This
feature solves security issues in deployments where the attacker has physical access to the Ethernet
connector on the AP, but does not have access to the Ethernet switch, for example, an AP placed in
a public space.
The 802.1X supplicant supports two EAP methods:
● EAP-TLS
● PEAP
EAP-TLS uses certificates for authentication and PEAP uses a username and password to verify
server-side certificates. The EAP protocol includes a provision to negotiate the authentication method
used by an authenticator and supplicant.
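The method negotiation mentioned above, sketched as an added example (not code from the guide or the AP firmware): it models the generic EAP Legacy Nak exchange from RFC 3748, in which a supplicant that has no credentials for the offered method answers with the methods it does have. Function names are hypothetical and the packets are constructed; type numbers 13 (EAP-TLS) and 25 (PEAP) are the IANA-assigned values.

```python
import struct

# EAP codes and method types (RFC 3748 and the IANA EAP registry).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
NAK, EAP_TLS, PEAP = 3, 13, 25
NAMES = {EAP_TLS: "EAP-TLS", PEAP: "PEAP"}

def build_eap(code, ident, eap_type=None, data=b""):
    """Serialize Code, Identifier, Length and optional Type + Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Parse one EAP packet, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES or not 4 <= length <= len(pkt):
        raise ValueError("bad EAP code or length")
    body = pkt[4:length]  # octets past Length are padding and are ignored
    if code in (1, 2) and not body:
        raise ValueError("Request/Response without a Type octet")
    return {"code": CODES[code], "id": ident,
            "type": body[0] if code in (1, 2) else None, "data": body[1:]}

def supplicant_reply(request, enabled):
    """Accept an offered method if enabled, else Nak with the enabled ones."""
    req = parse_eap(request)
    if req["code"] != "Request":
        raise ValueError("a supplicant only answers Requests")
    if req["type"] in enabled:
        # Method payload (e.g. the TLS handshake) is out of scope here.
        return build_eap(2, req["id"], req["type"])
    # Legacy Nak: Type-Data lists acceptable methods, 0 means "none".
    return build_eap(2, req["id"], NAK, bytes(enabled) or b"\x00")

def negotiate(server_methods, enabled):
    """Server offers its first method and retries once after a Nak."""
    offer = server_methods[0]
    for ident in (1, 2):
        resp = parse_eap(supplicant_reply(build_eap(1, ident, offer), enabled))
        if resp["type"] != NAK:
            return NAMES.get(resp["type"])
        shared = [t for t in resp["data"] if t in server_methods]
        if not shared:
            return None  # the server would answer with EAP-Failure
        offer = shared[0]
    return None

# Constructed scenario: server prefers EAP-TLS, the AP only has PEAP credentials.
print(negotiate([EAP_TLS, PEAP], [PEAP]))
```

When the authentication server and the AP share no method, the exchange ends without authentication, so the methods enabled on each AP need to match what the RADIUS policy offers.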
The 802.1X configuration is performed on a per-AP basis. The GUI indicates which APs have 802.1X
credentials, as well as which authentication methods are enabled on each AP.
There are two aspects to the 802.1X feature:
● Credential management – Includes requesting, creating, deleting, or invalidating the credentials used
in the authentication process.
● Authentication – Involves the actual execution of EAP-TLS or PEAP protocol between the AP and
the Authentication server. The Summit WM Controller plays no part in this process.
To implement the 802.1X supplicant with EAP-TLS, you need to have access to a Certification Authority
(CA). The CA is used for EAP-TLS to generate the certificate.
Credential management
Administrators use the Summit WM Controller to manage the credentials on the AP. EAP-TLS
credentials are the certificate and the private key. EAP-PEAP credentials are a username and password.
The AP securely stores credentials and uses the correct credentials for the authentication type. The AP is
not responsible for generating or requesting the credentials.
Use the Summit WM GUI to create and install the credentials on the AP. You can install credentials on
an AP individually or use the AP 802.1X Multi-edit page to do bulk credential installations.