The figure provides an overview of how 802.1x works. After the client has associated to the access point, the supplicant starts the process for using EAPOL (EAP over LAN) by asking the user for their logon and password.
The client responds with their username and password. Using 802.1x and EAP, the supplicant then sends the username and a one-way hash of the password to the access point. The access point then encapsulates the request and sends it to the RADIUS server listed in the Server Manager, shown in the figure.
The RADIUS server then checks the username and password against the database to determine if the client should be authenticated on the network. If the client is to be authenticated, the RADIUS server then issues an access challenge, which is passed to the access point and then sent to the client. The client sends its EAP response to the access challenge back to the RADIUS server via the access point.
If the client sends the proper response, then the RADIUS server sends an access success message and session WEP key (EAP over Wireless) to the client via the access point. The same session WEP key is also sent to the access point in a success packet.
The client and the access point then begin using session WEP keys. The WEP key used for multicasts is then sent from the access point to the client. It is encrypted using the session WEP key.
Upon client log off, the access point returns to the initial state, allowing only 802.1x traffic to pass.
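
The access point's port behaviour described above, as an added example that is not part of the original course text: a small Python model in which only EAPOL frames (EtherType 0x888E) pass until the RADIUS server accepts the client, and an EAPOL-Logoff returns the port to its initial state. The `ApPort` class, the `relay`/`forward`/`drop` verdicts and the sample frames are constructed for illustration; the page's "access success" message is modelled as RADIUS Access-Accept.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType assigned to 802.1X (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}

def parse_frame(frame: bytes):
    """Return (ethertype, EAPOL type name or None) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_EAPOL:
        return ethertype, None
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if len(frame) < 18 + body_len:
        raise ValueError("EAPOL body shorter than declared length")
    return ethertype, EAPOL_TYPES.get(ptype, "Unknown")

class ApPort:
    """Hypothetical per-client port on the access point (the authenticator)."""
    def __init__(self):
        self.authorized, self.session_key = False, None

    def on_radius(self, code: str, session_key: bytes = None):
        # An Access-Challenge leaves the port closed; only an accept opens it.
        if code == "Access-Accept" and session_key:
            self.authorized, self.session_key = True, session_key
        elif code == "Access-Reject":
            self.authorized, self.session_key = False, None

    def on_client_frame(self, frame: bytes) -> str:
        try:
            _, eapol = parse_frame(frame)
        except ValueError:
            return "drop"  # malformed frames never pass
        if eapol == "Logoff":  # log off: back to the initial state
            self.authorized, self.session_key = False, None
        if eapol is not None:
            return "relay"  # 802.1x traffic always reaches the authenticator
        return "forward" if self.authorized else "drop"

def make_frame(ethertype: int, payload: bytes = b"") -> bytes:
    # Constructed sample frame: made-up destination and source MAC addresses.
    return b"\x02" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload

EAPOL_START = make_frame(ETHERTYPE_EAPOL, struct.pack("!BBH", 1, 1, 0))
EAPOL_LOGOFF = make_frame(ETHERTYPE_EAPOL, struct.pack("!BBH", 1, 2, 0))
IPV4_DATA = make_frame(0x0800, b"\x45" + b"\x00" * 19)
```
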
This activity is a sequence of interactive animations that demonstrate how security works in wireless, and how 802.1x addresses 802.11 security issues.