Secure Connections; Figure 5-1 Eap Authentication - ZyXEL Communications Vantage RADIUS 50 User Manual

Vantage RADIUS User's Guide
5.3

Secure Connections

Vantage RADIUS authenticates wireless clients using secure connections. The access point and Vantage
RADIUS use a shared secret key, which is a password that must be configured on both. The key is not sent
over the network. In addition to the shared key, password information exchanged over the wired network is
also encrypted to protect it from unauthorized access.
5.3.1 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, the access point helps a wireless station and the RADIUS server
perform authentication.
Vantage RADIUS supports PEAP and EAP-MD5 (Message-Digest Algorithm 5). Refer to the Types of
EAP Authentication appendix for descriptions on common types.
The following figure shows an overview of authentication when you specify a RADIUS server on your
access point.
The details below provide a general description of how IEEE 802.1x EAP authentication works.
•
The wireless station sends a "start" message to the access point.
•
The access point sends a "request identity" message to the wireless station for identity information.
•
The wireless station replies with identity information, including username and password.
•
The access point sends this information to the RADIUS server.
5-2

Figure 5-1 EAP Authentication

RADIUS Configuration