ZyAIR B-500 Wireless Access Point User’s Guide
Wireless Security 6-25
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point
sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server
for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which
is a password, they both know. The key is not sent over the network. In addition to the shared key, password
information exchanged is also encrypted to protect the wired network from unauthorized access.
6.17.1 EAP Authentication Overview
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact with
an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform
authentication.
The type of authentication you use depends on the RADIUS server or the AP. The ZyAIR supports EAP-
TLS, EAP-TTLS and DEAP with RADIUS. Refer to the Types of EAP Authentication appendix for
descriptions on the four common types.
Your ZyAIR supports EAP-MD5 (Message-Digest Algorithm 5) with the local user database and RADIUS.
The following figure shows an overview of authentication when you specify a RADIUS server on your
access point.
Figure 6-13 EAP Authentication