Appendix C: 802.1X Authentication Setup; 802.1X Authentication Infrastructure - TRENDnet TEW-310APB User Manual

APPENDIX C: 802.1x Authentication Setup

There are three essential components to the 802.1x infrastructure: (1) Supplicant, (2) Authenticator
and (3) Server. The 802.1x security supports both MD5 and TLS Extensive Authentication
Protocol (EAP). The 802.1x Authentication is a complement to the current WEP encryption used
in wireless network. The current security weakness of WEP encryption is that there is no key
management and no limitation for the duration of key lifetime. 802.1x Authentication offers key
management, which includes key per user and key per session, and limits the lifetime of the keys to
certain duration. Thus, key decryption by unauthorized attacker becomes extremely difficult, and
the wireless network is safely secured. We will introduce the 802.1x Authentication infrastructure
as a whole and going into details of the setup for each essential component in 802.1x authentication.

802.1x Authentication Infrastructure

The Infrastructure diagram showing above illustrates that a group of 802.11 wireless clients is
trying to form a 802.11 wireless network with the Access Point in order to have access to the
Internet/Intranet. In 802.1x authentication infrastructure, each of these wireless clients would have
to be authenticated by the Radius server, which would grant the authorized client and notified the
Access Point to open up a communication port to be used for the granted client. There are 2
Extensive Authentication Protocol (EAP) methods supported: (1) MD5 and (2) TLS.
MD5 authentication is simply a validation of existing user account and password that is stored in the
server with what are keyed in by the user. Therefore, wireless client user will be prompted for
account/password validation every time when he/she is trying to get connected. TLS authentication
-61-