802.1X is an IEEE standard for wireless connectivity that uses port-based access control. It falls under the influence of the initial IEEE standard 802.11 for Wireless Local Area Networks (WLANs). The IEEE (Institute of Electrical and Electronics Engineers) and the standards that apply to networking technologies in general are explained in Chapter 4. In this chapter, we will discuss all of the IEEE 802.11 standards for wireless networking.
The 802.1X standard is designed to provide a better framework that improves security for users on wireless networks by implementing centralized authentication. 802.1X uses the Extensible Authentication Protocol (EAP), which enables the technology to work with wireless, Ethernet, and Token Ring networks.
With 802.1X authentication, a wireless client that wishes to connect to and be authenticated on a network is called a supplicant. The supplicant must first request access from an access point, which is also known as an authenticator. If the access point detects the request for access from the supplicant, the access point will enable the supplicant’s port but allow only 802.1X traffic to be transmitted. This allows the client to transmit a start-up message known as an EAP start message; the supplicant’s identity and credentials are then provided to the access point.
Next, the access point transmits the information to an authentication server, which is typically a server that runs RADIUS (Remote Authentication Dial-In User Service). The authentication server can use various algorithms to authenticate the user. Once the server has verified the user, it will transmit either an acceptance or a rejection of the client’s request to the access point. If the access point receives positive feedback from the RADIUS authentication server, the access point will enable or activate the supplicant’s port for normal network traffic. See Figure 3.1 for a visual representation of 802.1X authentication.
Figure 3.1: 802.1X authentication.
To best understand this process, match the following descriptions with their corresponding numeric values in Figure 3.1:
A start message is sent from the remote client to the access point and the access point asks the client for identification.
The client sends its identity to the access point. The access point then transmits or forwards the client’s identity to an authentication server.
The authentication server transmits an accept or reject message to the access point.
If the access point receives an accept message from the authentication server, the client’s port activates and the client is allowed to communicate with the server.
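The exchange described above can be modelled as a small state machine on the access point. The following Python model is an added example, not part of the original text: the class and function names, the in-memory stand-in for the RADIUS server, and its account are constructed for illustration, and credentials are passed as plain values instead of through a real EAP method.

```python
from enum import Enum

ETH_EAPOL = 0x888E   # EtherType of EAP over LAN (802.1X) frames
ETH_IPV4 = 0x0800    # ordinary data traffic

class Port(Enum):
    UNAUTHORIZED = "unauthorized"   # only 802.1X traffic is handled
    AUTHORIZED = "authorized"       # normal network traffic passes

class Authenticator:
    """Access point side: relays identity, opens the port only on accept."""

    def __init__(self, auth_server):
        self.auth_server = auth_server   # callable(identity, credential) -> bool
        self.port = Port.UNAUTHORIZED    # fail closed until the server accepts

    def receive(self, ethertype, message=None):
        """Handle one frame from the supplicant; return what the AP does."""
        if ethertype != ETH_EAPOL:
            # Data frames pass only after the server has accepted the client.
            return "forwarded" if self.port is Port.AUTHORIZED else "dropped"
        if message == "start":
            return "identity-requested"   # AP asks the client to identify itself
        if isinstance(message, tuple):
            identity, credential = message
            # Forward to the authentication server and act on its verdict.
            accepted = self.auth_server(identity, credential)
            self.port = Port.AUTHORIZED if accepted else Port.UNAUTHORIZED
            return "accept" if accepted else "reject"
        return "ignored"

def constructed_radius(identity, credential):
    """Stand-in for the RADIUS server; the account below is constructed."""
    return (identity, credential) == ("alice", "correct-horse")

def run_session(credential):
    """Replay one client session and list the access point's decisions."""
    ap = Authenticator(constructed_radius)
    return [
        ap.receive(ETH_IPV4),                         # data before authentication
        ap.receive(ETH_EAPOL, "start"),
        ap.receive(ETH_EAPOL, ("alice", credential)),
        ap.receive(ETH_IPV4),                         # data after the verdict
    ]

if __name__ == "__main__":
    print(run_session("correct-horse"))
    print(run_session("wrong-guess"))
```

The port starts unauthorized and returns to that state on any reject, so a failed authentication never leaves data traffic flowing.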
The 802.1X standard is fairly new, and it is likely that CompTIA will target it on the exam, specifically within a wireless- or remote-connectivity-related question.
Microsoft does a great job explaining this technology. If you are interested in learning more about 802.1X, you may find the following site very informative: http://www.microsoft.com/windowsxp/pro/techinfo/planning/wirelesslan/solutions.asp.