Enterprise WLAN Authentication
802.1x basics

802.1x requires support on the client, the access point, and the authentication server, as illustrated by Figure . 802.1x uses a RADIUS proxy to authenticate clients on the network. This proxy can be a device such as a switch or an access point, and it operates at the access layer.

The EAP client, or supplicant, sends authentication credentials to the authenticator, which in turn sends the information to the authentication server. The access point is called the authenticator. The authentication server is where the logon request is compared against a user database to determine if, and at what level, the user may be granted access to the network resources. The authentication server is usually a RADIUS or an authentication, authorization, and accounting (AAA) server, and it needs to run extra software to understand the authentication type that is used by the client.
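The relay described above can be shown at the packet level. The following is an added example, not part of the original page: the authenticator wraps the supplicant's EAP Identity response in a RADIUS Access-Request, and the authentication server verifies the Message-Authenticator before reading it. Attribute numbers follow RFC 2865 and RFC 3579; the function names and the shared secret used with them are hypothetical.

```python
import hmac, os, struct

ACCESS_REQUEST, USER_NAME, EAP_MESSAGE, MSG_AUTH = 1, 1, 79, 80  # RADIUS code and attribute types

def eap_identity_response(ident: int, identity: bytes) -> bytes:
    # EAP header: Code=2 (Response), Identifier, Length, then Type=1 (Identity)
    return struct.pack("!BBHB", 2, ident, 5 + len(identity), 1) + identity

def attr(t: int, value: bytes) -> bytes:
    return bytes([t, len(value) + 2]) + value  # type, length (includes 2-byte header), value

def authenticator_relay(eap: bytes, user: bytes, secret: bytes, rid: int) -> bytes:
    """Access point side: wrap the supplicant's EAP packet in an Access-Request."""
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap), 253):        # one attribute carries at most 253 value bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MSG_AUTH, bytes(16))       # zeroed placeholder, filled in below
    header = struct.pack("!BBH", ACCESS_REQUEST, rid, 20 + len(attrs)) + os.urandom(16)
    packet = header + attrs
    mac = hmac.new(secret, packet, "md5").digest()  # HMAC-MD5 over the whole packet
    return packet[:-16] + mac                # Message-Authenticator is the last attribute

def server_receive(packet: bytes, secret: bytes):
    """Authentication server side: check integrity, then reassemble the EAP packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("malformed RADIUS packet")
    pos, eap, mac, zeroed = 20, b"", None, bytearray(packet)
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        t, n = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + n]
        if t == EAP_MESSAGE:
            eap += value                     # fragments are concatenated in order
        elif t == MSG_AUTH and n == 18:
            mac = value
            zeroed[pos + 2:pos + n] = bytes(16)
        pos += n
    expected = hmac.new(secret, bytes(zeroed), "md5").digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise PermissionError("Message-Authenticator check failed")
    if len(eap) < 5:
        raise ValueError("missing or short EAP packet")
    eap_code, _, eap_len, eap_type = struct.unpack("!BBHB", eap[:5])
    return eap_code, eap_type, eap[5:eap_len]
```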

Any client that does not have built-in 802.1x support must use software called a supplicant. Figure shows the Microsoft Windows 2000 client. Microsoft XP has built-in EAP, which provides 802.1x support. Figure shows the Cisco LEAP client. The client must have some proof of identity. Forms of identity include a username and password, a digital certificate, or a one-time password (OTP).

