User's Manual
There are several authentication algorithms used for 802.1x. Some examples
are: EAP-TLS, EAP-TTLS, and Protected EAP (PEAP). These are all methods for
the wireless client to identify itself to the RADIUS server. With RADIUS
authentication, user identities are checked against databases. RADIUS
constitutes a set of standards addressing Authentication, Authorization and
Accounting (AAA). RADIUS includes a proxy process to validate clients in a
multi-server environment. The IEEE 802.1x standard is for controlling and
authenticating access to port-based 802.11 wireless and wired Ethernet
networks. Port-based network access control is similar to a switched local area
network (LAN) infrastructure that authenticates devices that are attached to a
LAN port and prevents access to that port if the authentication process fails.
What is RADIUS?
RADIUS is the Remote Access Dial-In User Service, an Authorization,
Authentication, and Accounting (AAA) client-server protocol, which is used
when a AAA dial-up client logs in or out of a Network Access Server. Typically,
a RADIUS server is used by Internet Service Providers (ISP) to perform AAA
tasks. AAA phases are described as follows:
● Authentication phase: Verifies a user name and password against a
local database. After the credentials are verified, the authorization
process begins.
● Authorization phase: Determines whether a request is allowed access
to a resource. An IP address is assigned for the dial-up client.
● Accounting phase: Collects information on resource usage for the
purpose of trend analysis, auditing, session time billing, or cost
allocation.
How 802.1x Authentication Works
A simplified description of 802.1x authentication is:
● A client sends a "request to access" message to an access point. The
access point requests the identity of the client.
● The client replies with its identity packet, which is passed along to the
authentication server.
● The authentication server sends an "accept" packet to the access point.
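The steps above can be modeled as a small state machine. This is an added example, not code from the manual or from any product. It collapses the EAP credential exchange into a single database lookup, and every class, function and identity in it is hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:
    """Stand-in for the RADIUS server: checks identities against a database."""
    database: set

    def check(self, identity: str) -> str:
        return "accept" if identity in self.database else "reject"

@dataclass
class AccessPoint:
    """Authenticator: relays identities and keeps each port closed by default."""
    server: AuthServer
    pending: set = field(default_factory=set)     # clients asked for an identity
    authorized: set = field(default_factory=set)  # clients whose port is open

    def request_access(self, mac: str) -> str:
        self.pending.add(mac)
        return "identity-request"

    def identity_reply(self, mac: str, identity: str) -> str:
        if mac not in self.pending:
            return "ignored"              # unsolicited identity: no state change
        self.pending.discard(mac)
        verdict = self.server.check(identity)
        if verdict == "accept":
            self.authorized.add(mac)
        else:
            self.authorized.discard(mac)  # failed (re)authentication closes the port
        return verdict

    def forward(self, mac: str) -> bool:
        """Data frames pass only for clients on an authorized port."""
        return mac in self.authorized

def run_exchange(ap: AccessPoint, mac: str, identity: str) -> str:
    ap.request_access(mac)                   # client -> AP: request to access
    return ap.identity_reply(mac, identity)  # AP -> server: identity; server -> AP: verdict

if __name__ == "__main__":
    # Constructed sample data: one known identity, one unknown.
    ap = AccessPoint(server=AuthServer(database={"alice@example.test"}))
    for who in ("alice@example.test", "mallory@example.test"):
        verdict = run_exchange(ap, "02:00:00:00:00:01", who)
        print(who, verdict, "port open:", ap.forward("02:00:00:00:00:01"))
```

The port stays closed until the server's verdict arrives, and a later rejected exchange for the same client closes it again.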