User's Manual

Security Overview
channel. Shared key authentication requires that the client configure a static WEP key. Client
access is granted only if the client passes a challenge-based authentication.
802.1x Authentication
How 802.1x authentication works
802.1x features
Overview
802.1x authentication is independent of the 802.11 authentication process. The 802.1x standard provides a
framework for various authentication and key-management protocols. There are different 802.1x authentication
types, each providing a different approach to authentication but all employing the same 802.1x protocol and
framework for communication between a client and an access point. In most protocols, upon the completion of
the 802.1x authentication process, the supplicant receives a key that it uses for data encryption. Refer to How
802.1x authentication works for more information. With 802.1x authentication, an authentication method is used
between the client and a Remote Authentication Dial-In User Service (RADIUS) server connected to the access
point. The authentication process uses credentials, such as a user's password, that are not transmitted over the
wireless network. Most 802.1x types support dynamic per-user, per-session keys to strengthen the static key
security. 802.1x benefits from the use of an existing authentication protocol known as the Extensible
Authentication Protocol (EAP).
802.1x authentication for wireless LANs has three main components: The authenticator (the access point), the
supplicant (the client software), and the authentication server (a Remote Authentication Dial-In User Service
server (RADIUS)). 802.1x authentication security initiates an authorization request from the wireless client to
the access point, which authenticates the client to an Extensible Authentication Protocol (EAP) compliant
RADIUS server. This RADIUS server may authenticate either the user (via passwords or certificates) or the
system (by MAC address). In theory, the wireless client is not allowed to join the network until the transaction
is complete. There are several authentication algorithms used for 802.1x. Some examples are: MD5-Challenge,
EAP-TLS, EAP-TTLS, Protected EAP (PEAP), and EAP Cisco Wireless Light Extensible Authentication
Protocol (LEAP). These are all methods for the wireless client to identify itself to the RADIUS server. With
RADIUS authentication, user identities are checked against databases. RADIUS constitutes a set of standards
addressing Authentication, Authorization and Accounting (AAA). RADIUS includes a proxy process to validate
clients in a multi-server environment. The IEEE 802.1x standard is for controlling and authenticating access to
port-based 802.11 wireless and wired Ethernet networks. Port-based network access control is similar to a
switched local area network (LAN) infrastructure that authenticates devices that are attached to a LAN port and
prevents access to that port if the authentication process fails.
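As an added example (not part of this manual or of any vendor's software), the Python code below parses the RADIUS packet an access point exchanges with the authentication server and reports which EAP method it is relaying. The packet layouts follow RFC 2865 and RFC 3748; the helper names, the sample packets and the user name alice are constructed for the example.

```python
import struct

# EAP method numbers (IANA EAP registry) for the methods this section names.
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, EAP_MESSAGE = 1, 79  # RADIUS attribute type numbers

def radius_attributes(packet):
    """Yield (type, value) per attribute; raise ValueError on bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not match the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def describe(packet):
    """Summarise the EAP exchange that one RADIUS packet is relaying."""
    attrs = list(radius_attributes(packet))
    # A long EAP packet spans several EAP-Message attributes; join them in order.
    eap = b"".join(v for t, v in attrs if t == EAP_MESSAGE)
    user = next((v.decode(errors="replace") for t, v in attrs if t == USER_NAME), None)
    out = {"radius": RADIUS_CODES.get(packet[0], "code %d" % packet[0]),
           "user": user, "eap": None, "method": None}
    if len(eap) >= 4:
        out["eap"] = EAP_CODES.get(eap[0], "code %d" % eap[0])
        if eap[0] in (1, 2) and len(eap) >= 5:  # only Request/Response carry a type
            out["method"] = EAP_TYPES.get(eap[4], "type %d" % eap[4])
    return out

# --- constructed sample packets (zeroed authenticator, not captured traffic) ---
def attr(a_type, value):
    return bytes([a_type, len(value) + 2]) + value
def eap_packet(code, method, data=b""):
    return struct.pack("!BBHB", code, 1, 5 + len(data), method) + data
def radius_packet(code, attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

SAMPLE_REQUEST = radius_packet(1, [attr(USER_NAME, b"alice"),
                                   attr(EAP_MESSAGE, eap_packet(2, 1, b"alice"))])
SAMPLE_CHALLENGE = radius_packet(11, [attr(EAP_MESSAGE, eap_packet(1, 25, b"\x20"))])
```

Calling describe(SAMPLE_REQUEST) shows the supplicant's EAP identity response being relayed, and describe(SAMPLE_CHALLENGE) shows the server proposing PEAP in reply.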
What is a RADIUS?
RADIUS is the Remote Authentication Dial-In User Service, an Authorization, Authentication, and Accounting (AAA)
client-server protocol, which is used when an AAA dial-up client logs in or out of a Network Access Server.
Typically, a RADIUS server is used by Internet Service Providers (ISP) to perform AAA tasks. AAA phases are