NETGEAR WAG511 User Manual page 76

User's Manual for the NETGEAR Dual Band Wireless PC Card 32-bit CardBus WAG511
IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a
protected network, as well as dynamically varying encryption keys. 802.1x ties a protocol called
EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports
multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates,
and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284.
1
Figure B-4: 802.1x authentication
After associating with a wireless access point, the client sends an EAP-start message. This
1.
begins a series of message exchanges to authenticate the client.
The access point replies with an EAP-request identity message.
2.
The client sends an EAP-response packet containing the identity to the authentication server.
3.
The authentication server uses a specific authentication algorithm to verify the client's identity.
4.
This could be through the use of digital certificates or other EAP authentication type.
The authentication server will either send an accept or reject message to the access point.
5.
The access point sends an EAP-success packet (or reject packet) to the client.
6.
B-12
2
6 5
7
202-10041-01 September 2004
3
4
Wireless Networking Basics