7-1
v1.0, June 2007
Chapter 7
Configuring 802.1x Authentication
802.1x is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an
authentication framework for wireless LANs (WLANs). 802.1x uses the Extensible
Authentication Protocol (EAP) to exchange messages during the authentication process. The
authentication protocols that operate inside the 802.1x framework that are suitable for wireless
networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-
Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while
also allowing the client to authenticate the network.
This chapter describes the following topics:
• “802.1x Authentication” on page 7-1
• “Configuring 802.1x Authentication” on page 7-4
• “Advanced Configuration Options for 802.1x” on page 7-6
802.1x Authentication
802.1x authentication consists of three components:
•The supplicant, or client, is the device attempting to gain access to the network. You can
configure your system to support 802.1x authentication for wired users as well as wireless
users.
•The authenticator is the gatekeeper to the network and permits or denies access to the
supplicants. The WFS709TP ProSafe Smart Wireless Switch acts as the authenticator, relaying
information between the authentication server and supplicant. The EAP type must be
consistent between the authentication server and supplicant and is transparent to the
WFS709TP.
•The authentication server provides a database of information required for authentication and
informs the authenticator to deny or permit access to the supplicant.
The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User
Service (RADIUS) server that can authenticate either users (through passwords or certificates)
or the client computer.