802.1X/EAP

Introduction to 802.1X

The 802.1x standard is a security solution ratified by the IEEE in June 2001 which can authenticate (identify) a user who wants to access a network (whether wired or wireless). This is done through the use of an authentication server.

802.1x is based on the EAP protocol (Extensible Authentication Protocol), as defined by the IETF. This protocol is used for transporting user identification information.

EAP

The EAP protocol is centred around the use of an access controller called an authenticator, which either grants or denies a user access to the network. The user in this system is called a supplicant. The access controller is a basic firewall which acts as an intermediary between the user and an authentication server, and requires very few resources to function. For a wireless network, the access point acts as the authenticator.

The authentication server (sometimes called the NAS, for Network Authentication Service or Network Access Service) can approve the user's identity as transmitted by the network controller, and then grant the user access depending on his or her credentials. What's more, this type of server can store and keep track of information related to the users. In the case of a service provider, for example, these features allow the server to bill them based on how long they were connected or how much data they transferred.

The authentication server is most commonly a RADIUS server (Remote Authentication Dial-In User Service), a standard authentication server defined by RFC 2865 and 2866, but any other authentication service may be used instead.

The following is a summary of how a secure network using the 802.1x standard works:

The access controller, having previously received a connection request from the user, sends an identification request;
The user sends a response to the access controller, which routes the response to the authentication server;
The authentication server sends a "challenge" to the access controller, which transmits it to the user. The challenge is a method of establishing identification. If the client cannot evaluate the challenge, the server tries another one, and so on;
The user responds to the challenge. If the user's identity is correct, the authentication server sends approval to the access controller, which allows the user onto the network or part of the network, depending on the rights granted. If the user's identity could not be verified, the authentication server sends a refusal message, and the access controller denies the user access to the network.

Encryption key exchange

Besides authenticating users, the 802.1x standard provides users with a secure way to exchange encryption keys, in order to improve overall security.

Last update on Thursday October 16, 2008 02:43:15 PM.This document entitled « 802.1X/EAP » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the licence, as this note appears clearly.

Previous WPA2

Help MurocApi:802.1x Config-initialization fa I'm getting this code every time i I try to use the Inter Net MurocApi:802.1x Config-initialization failure en.kioskea.net/forum/affich-4758-help-murocapi-802-1x-config-initialization-fa

Introduction to Wi-Fi (802.11 or WiFi) Introduction to Wi-Fi (802.11) The IEEE 802.11 specification (ISO/IEC 8802-11) is an international standard describing the characteristics of a wireless local area network (WLAN). The name Wi-Fi (short for "Wireless Fidelity", sometimes incorrectly... en.kioskea.net/contents/wifi/wifiintro.php3

WiFi modes of operation (802.11 or Wi-Fi) There are several kinds of hardware that may be used to implement a WiFi wireless network: Wireless adapters or network interface controllers (NICs for short) are network cards with the 802.11 standard which let a machine connect to a wireless... en.kioskea.net/contents/wifi/wifimodes.php3

Results for 802.1X/EAP

Iphone slow on wifi 802.11gHello, I was told my iphone 3g would work faster if i change my wireless router from 802.11g to 802.11b how can I change linksys router en.kioskea.net/forum/affich-93414-iphone-slow-on-wifi-802-11g

Results for 802.1X/EAP

Download CommView for WiFiCommView for WiFi is a monitor and a network analyzer for wireless networking 802.11 a / b / g. The program captures each packet available frame analysis of files sent to see the entire contents of the file, and gives you important information, such... en.kioskea.net/telecharger/telecharger-3252-commview-for-wifi

Results for 802.1X/EAP

Belkin Wireless Access Point 802.11g802.11 g, 802.11b, 802.11g, 54 Mbps Mbps (wireless), 1 LAN ports en.kioskea.net/guide/187232-belkin-wireless-access-point-802-11g

Pretec WiFi SDIO Card (SD-WIFIP) IEEE 802.11b802.11 b en.kioskea.net/guide/1002185-pretec-wifi-sdio-card-sd-wifip-ieee-802-11b

SPECTEC WiFi Card / miniSD (SDW-825) IEEE 802.11b/g802.11 b en.kioskea.net/guide/1201455-spectec-wifi-card-minisd-sdw-825-ieee-802-11b-g

Results for 802.1X/EAP

802.11i / WPA2Introduction to 802.11i 802.11i was ratified on 24 June 2004, in order to address security issues in WiFi networks. Like WPE, it relies on the TKIP encryption algorithm, but it also supports the much more secure AES (Advanced Encryption Standard).... en.kioskea.net/contents/wifi/wifi-wpa2.php3

Wi-Fi wireless network security (802.11 or WiFi)Adapted infrastructure The first thing to do when a wireless network is installed is to place the access points in reasonable locations depending on the desired area of coverage. However, it is not uncommon to find that the covered area ends up... en.kioskea.net/contents/wifi/wifisecu.php3

Data transmission techniques on Wi-Fi wireless networks (802.11 Transmission channels A transmission channel is a narrow frequency band that can be used for communication. In every country, the government generally regulates use of the radio spectrum, as it is the largest user of the spectrum due to military... en.kioskea.net/contents/wifi/wifitech.php3

Results for 802.1X/EAP