Date post: 01-Jul-2015
Category: Technology
Upload: dan-miller
IEEE 802.1x Authentication Standard:
Terms:
Supplicant - The user or client to be authenticated
Radius Server - The server doing the authentication
Authenticator - The device between the Supplicant & the Radius Server
EAPOL - Extensible Authentication Protocol Over LANs
How it Works:
The Authenticator sends an EAP request packet to the Supplicant.
The Supplicant sends an EAP packet to the Authenticator.
The Authenticator sends a packet to the Radius Server.
The Radius Server challenges the Authenticator with a token or password.
The Authenticator changes the challenge from IP to EAPOL.
The Supplicant responds to the challenge and passes it to the Authentication Server.
If the challenge succeeds, the Authentication Server responds with a success message allowing access to the LAN.
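
The relay step described above, as an added example that is not part of the original slides: Python code for how an authenticator can unwrap an EAP packet from EAPOL, validate it, and re-encapsulate it in RADIUS EAP-Message attributes and back. Function names and the sample frame are constructed for illustration; the header layouts follow IEEE 802.1X, RFC 3748 and RFC 3579.

```python
import struct

EAPOL_EAP_PACKET = 0      # EAPOL packet type that carries an EAP packet
RADIUS_EAP_MESSAGE = 79   # RADIUS attribute type EAP-Message (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(body: bytes) -> bytes:
    """Return the EAP packet inside an EAPOL frame body (bytes after EtherType 0x888E)."""
    if len(body) < 4:
        raise ValueError("EAPOL header truncated")
    _version, ptype, length = struct.unpack("!BBH", body[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError(f"EAPOL type {ptype} carries no EAP packet")
    if length > len(body) - 4:
        raise ValueError("EAPOL length field exceeds frame")
    return body[4:4 + length]          # drops any Ethernet padding

def parse_eap(pkt: bytes) -> dict:
    """Validate the EAP header and return code, identifier, method type and data."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in EAP_CODES or not 4 <= length <= len(pkt):
        raise ValueError("malformed EAP header")
    body = pkt[4:length]
    has_type = code in (1, 2) and len(body) > 0   # only Request/Response carry a type
    return {"code": EAP_CODES[code], "id": ident,
            "type": body[0] if has_type else None,
            "data": body[1:] if has_type else b""}

def eap_to_radius_attrs(pkt: bytes) -> list:
    """Authenticator -> server: split EAP into EAP-Message attributes (253 data bytes max)."""
    parse_eap(pkt)                     # refuse to relay malformed EAP
    chunks = [pkt[i:i + 253] for i in range(0, len(pkt), 253)]
    return [bytes([RADIUS_EAP_MESSAGE, len(c) + 2]) + c for c in chunks]

def radius_attrs_to_eapol(attrs: list, version: int = 2) -> bytes:
    """Server -> supplicant: reassemble EAP-Message attributes and wrap them in EAPOL."""
    eap = b"".join(a[2:a[1]] for a in attrs if a[0] == RADIUS_EAP_MESSAGE)
    parse_eap(eap)
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap

# Constructed sample: EAPOL v2 frame with EAP-Response/Identity "alice" plus padding.
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 2, 0, len(SAMPLE_EAP)) + SAMPLE_EAP + b"\x00" * 4

if __name__ == "__main__":
    eap = parse_eapol(SAMPLE_EAPOL)
    print(parse_eap(eap), eap_to_radius_attrs(eap))
```
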
Example:
Key Aspects:
Supplicant = End station software
Authenticator = Wired switch or SSID
Authentication Server = Ensures certificate or passwords are correct
Benefits:
IEEE Standard
98% of all switches support 802.1x
Good authentication
‘Pre-connect’ enforcement of access policies
Drawbacks:
Incompatibilities with certain switches
Some security issues
Tough to deploy
Does not have a ‘post-connect’