Table of Contents
Advertisement
1. The supplicant sends an authentication request containing identification and
connection information to the authenticator.
2. The authenticator performs an initial negotiation with the supplicant to establish
connection information (username, password, etc). The authenticator then forwards
the user information in an authentication request to the RADIUS Server.
3. The RADIUS Server looks up the supplicant information in a local or remote
RADIUS database.
4. If the information is found, the RADIUS server responds with a success message,
which is then passed onto the supplicant. The authenticator now allows access to the
network with possible restrictions based on attributes that came back from the
authentication server. For example, the authenticator might switch the supplicant to a
particular virtual LAN. If the information is not found, the RADIUS server responds
with a reject message.
5. Based on the information it receives from the RADIUS server, the authenticator
accepts or refuses the connection request.
6.1.2 MAC Authentication
Although 802.1x authentication addresses security issue for the wireless network, its
implementation may not be practical for every wireless devices (e.g. PDA) because it
requires supplicant software to be installed on all wireless client machines.
Cedar 880AG Enterprise Dual-Radio AP/Bridge
Figure 6.1 802.1x authentication sequence
37
Advertisement
Table of Contents
