Enterprise WLAN Authentication
How 802.1x works

Figure provides an overview of how 802.1x works. After the client has associated to the access point, the supplicant starts the process for using EAPOL (EAP over LAN) by asking the user for their logon and password.

The client responds with their username and password. Using 802.1x and EAP, the supplicant then sends the username and a one-way hash of the password to the access point. The access point then encapsulates the request and sends it to the RADIUS server listed in the Server Manager, shown in Figure .

The RADIUS server then checks the username and password against the database to determine if the client should be authenticated on the network. If the client is to be authenticated, the RADIUS server then issues an access challenge, which is passed to the access point and then sent to the client.

The client sends the EAP response to the access challenge to the RADIUS server via the access point.

If the client sends the proper response, then the RADIUS server sends an access success message and session WEP key (EAP over Wireless) to the client via the access point. The same session WEP key is also sent to the access point in a success packet.

The client and the access point then begin using session WEP keys. The WEP key used for multicasts is then sent from the access point to the client. It is encrypted using the session WEP key.

Upon client log off, the access point returns to the initial state, allowing only 802.1x traffic to pass.
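
The port behaviour in the steps above, as an added example that is not part of the original course material: a model of how the access point gates one client's traffic through challenge, success and log off. The class and function names are hypothetical, the sample key is constructed, and treating a success without a session key as a failure is an assumption of this sketch; the EAPOL EtherType (IEEE 802.1X) and RADIUS codes (RFC 2865) are the standard values.

```python
from enum import Enum

EAPOL_ETHERTYPE = 0x888E  # IEEE 802.1X EAPOL frames
# RADIUS packet codes (RFC 2865)
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11

class PortState(Enum):
    UNAUTHORIZED = "unauthorized"      # initial state: only 802.1x traffic passes
    AUTHENTICATING = "authenticating"  # challenge relayed, waiting for the response
    AUTHORIZED = "authorized"          # session key installed, data traffic passes

class AccessPointPort:
    """Hypothetical model of one client's port on the access point."""
    def __init__(self):
        self.state = PortState.UNAUTHORIZED
        self.session_key = None

    def allows(self, ethertype):
        """Would a client frame with this EtherType be forwarded right now?"""
        return ethertype == EAPOL_ETHERTYPE or self.state is PortState.AUTHORIZED

    def on_radius(self, code, session_key=None):
        """Apply the RADIUS server's reply to the port state."""
        if code == ACCESS_CHALLENGE:
            self.state = PortState.AUTHENTICATING
        elif code == ACCESS_ACCEPT and session_key:
            self.state, self.session_key = PortState.AUTHORIZED, session_key
        else:  # Access-Reject, an accept without a key, or an unknown code
            self.reset()  # assumption of this sketch: fail closed

    def on_logoff(self):
        self.reset()

    def reset(self):
        self.state, self.session_key = PortState.UNAUTHORIZED, None

def walk_through():
    """Run the sequence from the text; record whether an IPv4 frame passes at each step."""
    ipv4 = 0x0800
    port, seen = AccessPointPort(), []
    seen.append(("associated", port.allows(ipv4)))
    port.on_radius(ACCESS_CHALLENGE)
    seen.append(("challenge", port.allows(ipv4)))
    port.on_radius(ACCESS_ACCEPT, session_key=b"constructed-key")  # constructed sample key
    seen.append(("success", port.allows(ipv4)))
    port.on_logoff()
    seen.append(("logoff", port.allows(ipv4)))
    return seen

if __name__ == "__main__":
    for step, passes in walk_through():
        print(f"{step:10s} IPv4 forwarded: {passes}")
```

Data frames are forwarded only in the step after the success message; EAPOL frames pass in every state, which is what lets a logged-off client start a new exchange.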

