Wpa/Wpa2 Authentication: Enterprise-Level User Authentication Via 802.1X/Eap And Radius - NETGEAR RangeMax WPN824 Reference Manual

Reference Manual for the RangeMax Wireless Router WPN824
WPA/WPA2 Authentication: Enterprise-level User
Authentication via 802.1x/EAP and RADIUS
Wireless LAN
WPA/WPA2
enabled
wireless
client with
"supplicant"
Figure D-3: WPA/WPA2 Overview
IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a
protected network, as well as providing a vehicle for dynamically varying data encryption keys via
EAP from a RADIUS server, for example. This framework enables using a central authentication
server, which employs mutual authentication so that a rogue wireless user does not join the
network.
It is important to note that 802.1x does not provide the actual authentication mechanisms. When
using 802.1x, the EAP type, such as Transport Layer Security (EAP-TLS), or EAP Tunneled
Transport Layer Security (EAP-TTLS), defines how the authentication takes place.
Note: For environments with a Remote Authentication Dial-In User Service (RADIUS)
infrastructure, WPA supports Extensible Authentication Protocol (EAP). For environments
without a RADIUS infrastructure, WPA supports the use of a pre-shared key.
Together, these technologies provide a framework for strong user authentication.
Windows XP implements 802.1x natively, and several NETGEAR switch and wireless access
point products support 802.1x.
D-12
WPA/WPA2
enabled
Authenticated
Access Point
using
pre-shared key
Ports Opened
or 802.1x
Authenticated
202-10072-01, March 2005
Wired Network with Optional
802.1x Port Based Network
Access Control
TCP/IP
Ports Closed
Until
RADIUS Server
Authentication
TCP/IP
After
Certificate
Authority
(for
Login
example
Win Server,
VeriSign)
Wireless Networking Basics