Page 256 - DCAP311_DCAP607_WIRELESS_NETWORKS
Wireless Networks
authenticated. After the end user logs off, the virtual port being used is changed back to the
unauthorized state.
A benefit of 802.1x is that the switches and the access points themselves do not need to know how to
authenticate the client. All they do is pass the authentication information between the client and
the authentication server. The authentication server handles the actual verification of the client’s
credentials. This lets 802.1x support many authentication methods, from simple user name and
password to hardware tokens, challenge and response, and digital certificates.
802.1x uses EAP (Extensible Authentication Protocol) to facilitate communication from the
supplicant to the authenticator and from the authenticator to the authentication server.
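The pass-through role described above, as an added Python example that is not part of the original text: the authenticator relays EAP packets unchanged and changes the port state only when the server's reply is EAP-Success or EAP-Failure. `ToyServer`, `Authenticator`, `login` and the user table are constructed for illustration; EAP-MD5 stands in for the challenge-and-response method because it is compact, and the RADIUS transport between authenticator and server is left out.

```python
import hashlib, hmac, os, struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4    # EAP Code field (RFC 3748)
IDENTITY, MD5_CHALLENGE = 1, 4                       # EAP Type field
PORT_AFTER = {SUCCESS: "authorized", FAILURE: "unauthorized"}

def eap(code, ident, eap_type=None, data=b""):
    """Build an EAP packet: Code, Identifier, Length, then Type + data if present."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident & 0xFF, 4 + len(body)) + body

def parse(packet):
    """Return (code, identifier, body); reject a Length that disagrees with the buffer."""
    length = int.from_bytes(packet[2:4], "big")
    if not 4 <= length <= len(packet):
        raise ValueError("truncated or inconsistent EAP packet")
    return packet[0], packet[1], packet[4:length]

class ToyServer:
    """Constructed stand-in for the authentication server (no RADIUS transport)."""
    def __init__(self, users):
        self.users, self.user, self.challenge = users, None, b""
    def handle(self, packet):
        _code, ident, body = parse(packet)
        if body[:1] == bytes([IDENTITY]):       # round 1: learn who is asking
            self.user, self.challenge = body[1:].decode(errors="replace"), os.urandom(16)
            return eap(REQUEST, ident + 1, MD5_CHALLENGE, bytes([16]) + self.challenge)
        secret = self.users.get(self.user, "").encode()
        want = hashlib.md5(bytes([ident]) + secret + self.challenge).digest()
        ok = self.user in self.users and hmac.compare_digest(body, bytes([MD5_CHALLENGE, 16]) + want)
        self.user = None                        # one verdict per challenge, so no replay
        return eap(SUCCESS if ok else FAILURE, ident)

class Authenticator:
    """Pass-through device: relays EAP unchanged and reads only the reply's Code field."""
    def __init__(self, server):
        self.server, self.port = server, "unauthorized"
    def relay(self, packet):
        reply = self.server.handle(packet)      # method payload is never inspected
        self.port = PORT_AFTER.get(parse(reply)[0], self.port)
        return reply
    def logoff(self):
        self.port = "unauthorized"              # port reverts when the user logs off

def login(auth, user, password):
    """Supplicant side: answer the Identity request, then the MD5 challenge."""
    _code, ident, body = parse(auth.relay(eap(RESPONSE, 1, IDENTITY, user.encode())))
    digest = hashlib.md5(bytes([ident]) + password.encode() + body[2:18]).digest()
    auth.relay(eap(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + digest))
    return auth.port
```

The authenticator class contains no credential logic at all, so swapping the server's method for tokens or certificates would not change it.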
Figure 14.21 shows the steps of 802.1x and EAP used in authenticating a supplicant:
Figure 14.21: Steps of 802.1x and EAP
Source: http://kb.netgear.com/app/answers/detail/a_id/1209/~/what-is-802.1x-security-authentication-for-wireless-networks%3F
EAP supports various authentication methods. As a user seeking authentication, you just need
to use a method supported by the authentication server. As an administrator, you need to
select which methods your server will use. 802.1X uses three terms that you need to know. The
user or client that wants to be authenticated is called a supplicant. The actual server doing the
authentication, typically a RADIUS server, is called the authentication server. And the device
in between, such as a wireless access point, is called the authenticator. One of the key points
of 802.1X is that the authenticator can be simple and dumb – all of the brains have to be in
250 LOVELY PROFESSIONAL UNIVERSITY