X Authentication Infrastructure; Appendix D: 802.1X Authentication Setup - TRENDnet TEW-311BRP User Manual

Hide thumbs Also See for TEW-311BRP:

Quick installation manual (13 pages)

Specifications (2 pages)

Specifications (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

Table of Contents

APPENDIX D:

There are three essential components to the 802.1x infrastructure: (1) Supplicant, (2) Authenticator and (3)

Server. The 802.1x security supports both MD5 and TLS Extensive Authentication Protocol (EAP). The 802.1x

Authentication is a complement to the current WEP encryption used in wireless network. The current security

weakness of WEP encryption is that there is no key management and no limitation for the duration of key life-

time. 802.1x Authentication offers key management, which includes key per user and key per session, and

limits the lifetime of the keys to certain duration. Thus, key decryption by unauthorized attacker becomes ex-

tremely difficult, and the wireless network is safely secured. We will introduce the 802.1x Authentication

infrastructure as a whole and going into details of the setup for each essential component in 802.1x authentica-

tion.

802.1x Authentication Infrastructure

802.11 Wireless

Support 802.1X

Clients

The Infrastructure diagram showing above illustrates that a group of 802.11 wireless clients is trying to form a

802.11 wireless network with the Access Point in order to have access to the Internet/Intranet. In 802.1x au-

thentication infrastructure, each of these wireless clients would have to be authenticated by the Radius server,

which would grant the authorized client and notified the Access Point to open up a communication port to be

used for the granted client. There are 2 Extensive Authentication Protocol (EAP) methods supported: (1) MD5

and (2) TLS.

MD5 authentication is simply a validation of existing user account and password that is stored in the server with

what are keyed in by the user. Therefore, wireless client user will be prompted for account/password validation

every time when he/she is trying to get connected. TLS authentication is a more complicated authentication,

which involves using certificate that is issued by the Radius server, for authentication. TLS authentication is a

more secure authentication, since not only the Radius server authenticates the wireless client, but also the cli-

ent can validate the Radius server by the certificate that it issues. The authentication request from wireless

clients and reply by the Radius Server and Access Point process can be briefed as follows:

1. The client sends an EAP start message to the Access Point

2. The Access Point replies with an EAP Request ID message

3. The client sends its Network Access Identifier (NAI) – its user name – to the Access Point in an EAP Re-

spond message.

4. The Access Point forwards the NAI to the RADIUS server with a RADIUS Access Request message.

802.1X AUTHENTICATION SETUP

802.11 Wireless

Access Points

Authentication Request

Public

802.11

Wireless

Networks

– 77 –

Support 802.1X

Authentication Success

Inter

net/I

ntra-

RADIUS

Server

Table of Contents

X Authentication Infrastructure; Appendix D: 802.1X Authentication Setup - TRENDnet TEW-311BRP User Manual

802.1x Authentication Infrastructure

Related Manuals for TRENDnet TEW-311BRP

Related Content for TRENDnet TEW-311BRP

Table of Contents