Secure 802.1X Security - Motorola CB3000 User Manual

D-7
D.4 Secure 802.1x Security
The Secure 802.1x security option feature provides the CB3000 Client Bridge and its associated clients an
additional measure of security for data transmitted over the wireless network. Secure 802.1x uses the
Extensible Authentication Protocol (EAP) as an authentication mechanism between devices achieved through
the exchange and verification of certificates.
The IEEE 802.1x standard ties the 802.1x EAP authentication protocol to both wired and wireless LAN
applications. EAP provides an effective authentication scheme with or without IEEE 802.1x Wired Equivalent
Privacy (WEP) encryption. EAP supports multiple authentication measures, allowing the authentication
server to exercise full control.
The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an
authenticator (in this case, the CB3000 Client Bridge). The CB3000 Client Bridge passes EAP packets from
the client to an authentication server on the wired side of the CB3000 Client Bridge. All other packet types
are blocked until the authentication server (typically, a RADIUS server) verifies the MU's identity.
Using Secure 802.1x, a user requests device connection through the CB3000 Client Bridge. The CB3000 Client
Bridge then requests the identity of the user and transmits that identity to an authentication server. The
server prompts the CB3000 Client Bridge for proof of identity (supplied to the CB3000 Client Bridge by the
user) and then transmits the user data back to the server to complete the authentication. A client should not
be able to access the network if not authenticated.
For detailed steps on configuring 802.1x for the CB3000 Client Bridge, see Configuring Secure 802.1x
Security Settings on page 3-27.