Allied Telesis AT-WA7501 Network Card User Manual


 
Chapter 6: Configuring Security
Implementing an 802.1x Security Solution

You can implement 802.1x security in your network. The IEEE 802.1x
standard provides an authentication protocol for 802.11 LANs. 802.1x
provides strong authentication, access control, and key management, and
lets wireless networks scale by allowing centralized authentication of
wireless end devices.

The 802.1x authentication process uses a RADIUS server, which is the
authentication server, and access points, which are the authenticators, to
manage the wireless end device authentication and wireless connection
attributes. Extensible Authentication Protocol (EAP) authentication types
provide devices with secure connections to the network. They protect
credentials and data privacy. Examples of EAP authentication types
include Transport Layer Security (EAP-TLS) and Tunneled Transport
Layer Security (EAP-TTLS).
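
An added example, not taken from the manual: a minimal parser for the EAP packets that a supplicant and the authentication server exchange through the access point, which flags any EAP type outside EAP-TLS, EAP-TTLS and PEAP (the supplicant types this section names). The packet layout and type numbers follow RFC 3748 and the IANA EAP registry; the allow-list policy, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Code and Type numbers from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
# Assumption: site policy allows only the supplicant types this section names.
ALLOWED_METHODS = {"EAP-TLS", "EAP-TTLS", "PEAP"}
NON_METHODS = {"Identity", "Notification"}   # housekeeping types, not methods

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES or not 4 <= length <= len(packet):
        raise ValueError("bad EAP code or length field")
    body = packet[4:length]          # bytes past Length are link-layer padding
    msg = {"code": EAP_CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):               # only Request/Response carry a Type field
        if not body:
            raise ValueError("Request/Response without a Type field")
        msg["type"] = EAP_TYPES.get(body[0], f"type-{body[0]}")
        msg["data"] = body[1:]
    return msg

def audit_exchange(packets) -> list:
    """List (identifier, finding) for EAP types outside ALLOWED_METHODS."""
    findings = []
    for raw in packets:
        msg = parse_eap(raw)
        if msg["code"] == "Response" and msg["type"] == "Nak":
            # Legacy Nak: the supplicant refuses the offer and lists what it wants.
            for t in msg["data"]:
                name = EAP_TYPES.get(t, f"type-{t}")
                if t and name not in ALLOWED_METHODS:
                    findings.append((msg["id"], "supplicant requested " + name))
        elif msg["code"] == "Request" and msg["type"] not in ALLOWED_METHODS | NON_METHODS:
            findings.append((msg["id"], "server offered " + msg["type"]))
    return findings

# Constructed sample exchange (not captured traffic).
SAMPLE = [
    bytes.fromhex("0101000501"),            # Request/Identity
    bytes.fromhex("0201000a01616c696365"),  # Response/Identity "alice"
    bytes.fromhex("010200060d20"),          # Request/EAP-TLS with Start flag
    bytes.fromhex("020200060304"),          # Response/Nak asking for type 4
    bytes.fromhex("04020004"),              # Failure
]
```

Calling `audit_exchange(SAMPLE)` reports the one supplicant that declined EAP-TLS and asked for MD5-Challenge instead.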

To implement 802.1x security, you must have the following:

- An authentication server (RADIUS server), which is software that is
  installed on a PC or server on your network or an EAS. The
  authentication server accepts or rejects requests from end devices that
  want to communicate with the 802.1x-enabled network. For help, see
  Chapter 7, “Configuring the Embedded Authentication Server (EAS)”
  on page 204.
- An authenticator, which is an access point on your network. The
  authenticator receives requests from end devices that want to
  communicate with the network and forwards these requests to the
  authentication server. The authenticator also distributes the WEP keys
  to end devices that are communicating with it.
- End devices that are 802.1x-enabled. These end devices have an
  802.11b or an 802.11a radio and a supplicant (EAP-TLS, EAP-TTLS or
  PEAP) loaded on them. Supplicants request communication with the
  authenticator using a specific EAP authentication type. For more
  information on the availability of 802.1x-enabled end devices, contact
  your local Allied Telesyn representative.
- A trusted certificate authority (CA), which issues digital authentication
  certificates. Allied Telesyn and others can provide the service of acting
  as a CA and can issue certificates. For more information, contact your
  local Allied Telesyn representative.

The authentication server and end devices with supplicants need
certificates. A CA certificate is the root certificate or public key. A
server certificate (sometimes referred to as the client certificate) is the
private key. For more details, see “About Certificates” on page 206.

- The authentication server must have both a CA certificate and a
  server certificate installed on it.
- An end device with an EAP-TTLS supplicant or a child access point
  using secure IAPP-TTLS needs only the CA certificate.