WR3000 4-Port Wireless DSL/Cable Router
®
53
7.5 802.1 x Overview
The IEEE 802. lx standard outlines enhanced security methods for both the authentication of
wireless stations and encryption key management. Authentication can be done using the local
user database internal to the WR3000 Wireless Router (authenticate up to 32 users) or an
external RADIUS server for an unlimited number of users.
7.6 Introduction to RADIUS
RADIUS is based on a client-sever model that supports authentication and accounting, where
Wireless Router is the client and the server is the RADIUS server. The RADIUS server handles
the following tasks among others:
• Authentication - Determines the identity of the users.
• Accounting - Keeps track of the client’s network activity.
RADIUS user is a simple package exchange in which your WR3000 Wireless Router acts as a
message relay between the wireless station and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the Wireless Router and the
RADIUS server for user authentication:
• Access-Request - Sent by an Wireless Router requesting authentication.
• Access-Reject - Sent by a RADIUS server rejecting access.
• Access-Accept - Sent by a RADIUS server allowing access.
• Access-Challenge - Sent by a RADIUS server requesting more information in order to
allow access.The Wireless Router sends a proper response from the user and then sends
another Access-Request message.
The following types of RADIUS messages are exchanged between the Wireless Router and
the RADIUS server for user accounting:
• Accounting-Request - Sent by the Wireless Router requesting accounting.
• Accounting-Response - Sent by the RADIUS server to indicate that it has started or
stopped accounting.
In order to ensure network security, the Wireless Router and the RADIUS server use a shared
secret key, which is a password, they both know. The key is not sent over the network. In
addition to the shared key, password information exchanged is also encrypted to protect the
wired network from unauthorized access.
7.6.1 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the
IEEE802.1x transport mechanism in order to support multiple types of user authentication. By
using EAP to interact with an EAP-compatible RADIUS server, the Wireless Router helps a
wireless station and a RADIUS server perform authentication.
Continued on the next page.