SMC Networks SMC2586W-G Network Card User Manual


 
IEEE 802.1x/RADIUS
IEEE 802.1x Port-Based Network Access Control is a new standard for solving
some security issues associated with IEEE 802.11, such as the lack of
user-based authentication and dynamic encryption key distribution. With IEEE
802.1x, a RADIUS (Remote Authentication Dial-In User Service) server, and a
user account database, an enterprise or ISP (Internet Service Provider) can
manage its mobile users’ access to its wireless LANs. Before being granted
access to a wireless LAN supporting IEEE 802.1x, a user has to submit his or
her user name and password or digital certificate to the backend RADIUS server
by EAPOL (Extensible Authentication Protocol Over LAN). The RADIUS server can
record accounting information, such as when a user logs on to and logs off
from the wireless LAN, for monitoring or billing purposes.
The IEEE 802.1x functionality of the access point is controlled by the security
mode (see Section 3.5.2.1). So far, the wireless access point supports two
authentication mechanisms: EAP-MD5 (Message Digest version 5) and EAP-TLS
(Transport Layer Security). If EAP-MD5 is used, the user has to give his or
her user name and password for authentication. If EAP-TLS is used, the
wireless client computer automatically presents the user’s digital certificate,
which is stored on the computer’s hard disk or a smart card, for authentication.
After a successful EAP-TLS authentication, a session key is automatically
generated for encrypting wireless packets between the wireless client computer
and its associated wireless access point. To sum up, EAP-MD5 supports only
user authentication, while EAP-TLS supports user authentication as well as
dynamic encryption key distribution.
Fig. 51 IEEE 802.1x and RADIUS.
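
An added example, not part of the SMC manual: a Python check that reads the EAP method out of an EAPOL frame and lists the methods that, per the summary above, authenticate the user but distribute no dynamic encryption key. The EAP type numbers (4 and 13) and the frame layout are taken from RFC 3748 and RFC 5216, not from this manual; the function names and sample frames are constructed for illustration.

```python
import struct

# EAP method numbers from RFC 3748 / RFC 5216 (assumption: not in the manual);
# the key flag mirrors the manual's summary (MD5: auth only, TLS: also keys).
EAP_METHODS = {4: ("EAP-MD5", False), 13: ("EAP-TLS", True)}
EAPOL_EAP_PACKET = 0          # EAPOL packet type carrying an EAP message
EAP_REQUEST, EAP_RESPONSE = 1, 2


def classify_eapol(frame: bytes):
    """Return (method, delivers_session_key) for an EAPOL body, or None.

    None means the frame is not an EAP Request/Response for one of the two
    methods the manual lists (e.g. Identity, Success, EAPOL-Start).
    """
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[:4])
    if pkt_type != EAPOL_EAP_PACKET:
        return None
    body = frame[4:4 + body_len]
    if len(body) < body_len or body_len < 4:
        raise ValueError("truncated EAP packet")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len > len(body) or eap_len < 4:
        raise ValueError("EAP length field inconsistent with EAPOL body")
    if code not in (EAP_REQUEST, EAP_RESPONSE) or eap_len < 5:
        return None           # Success/Failure carry no method type byte
    return EAP_METHODS.get(body[4])


def audit(frames):
    """List methods seen in a capture that leave the link without dynamic keys."""
    seen = {m for m in map(classify_eapol, frames) if m}
    return sorted(name for name, keyed in seen if not keyed)


# Constructed sample frames (not captured traffic): EAPOL v1 headers followed
# by an EAP Request for MD5-Challenge, an EAP Request for EAP-TLS (Start flag),
# and an EAP Success.
MD5_REQ = bytes.fromhex("01000016" "01010016" "04" "10") + bytes(16)
TLS_REQ = bytes.fromhex("01000006" "01020006" "0d" "20")
SUCCESS = bytes.fromhex("01000004" "03020004")

if __name__ == "__main__":
    for f in (MD5_REQ, TLS_REQ, SUCCESS):
        print(classify_eapol(f))
    print("no dynamic keys:", audit([MD5_REQ, TLS_REQ, SUCCESS]))
```

Run against the EAPOL frames seen on a wireless LAN, a non-empty result from audit() points to clients whose traffic still depends on whatever static encryption the access point is configured with.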