Skip to main content

What is 802.1x

Authentication means making sure that something is what it claims to be. E.g., in online banking, you want to make sure that the remote computer is actually your bank, and not someone pretending to be your bank. The purpose of 802.1x is to accept or reject users who want full access to a network using 802.1x. It is a security protocol that works with 802.11 wireless networks such as 802.11g and 802.11b, as well as with wired devices.

In a wireless network, 802.1x is used by an access point to implement WPA. In order to connect to the access point, a wireless client must first be authenticated using WPA.


In a wired network, switches use 802.1x in a wired network to implement port-based authentication. Before a switch forwards packets through a port, the attached devices must be authenticated. After the end user logs off, the virtual port being using is changed back to the unauthorized state.

A benefit of 802.1x is the switches and the access points themselves do not need to know how to authenticate the client. All they do is pass the authentication information between the client and the authentication server. The authentication server handles the actual verification of the client’s credentials. This lets 802.1x support many authentication methods, from simple user name and password, to hardware token, challenge and response, and digital certificates.

802.1x uses EAP (Extensible Authentication Protocol) to facilitate communication from the supplicant to the authenticator and from the authenticator to the authentication server.


EAP supports various authentication methods. As a user seeking authentication, you just need to use a method supported by the authentication server. As an administrator, you need to select which methods your server will use. Selection is beyond the scope of this article (and outside the scope of free NETGEAR support), however, the material in the Microsoft article will give administrators a solid grounding.



EAP-TLS is widely supported. It uses PKI (e.g., a digital certificate) to authenticate the supplicant and authentication server.

EAP-MD5 uses standard user name and password. The supplicant’s password is hashed with MD5 and the hash value is being used to authenticate the supplicant.

LEAP is Cisco’s Lightweight EAP, and works mainly with Cisco products. It also uses MD5 hash, but both the supplicant and authentication server are authenticated.

EAP-TTLS uses PKI to authenticate the authentication server. However, it supports a different set of authenticate methods (e.g. CHAP, PAP, MS-CHAP v2) to authenticate the supplicant.

PEAP (Protected EAP), which is built-in to Windows XP, uses PKI to authenticate the authentication server. It supports any type of EAP to authenticate the supplicant including certificate.
Labels:

Comments

Post a Comment

Popular posts from this blog

Create a Restore Point for Windows 7 or Vista’s System Restore

If you are thinking of installing an application but aren’t quite sure what it’s going to do to your computer, I would absolutely recommend creating a restore point before you install that application, and here are the steps to do so. Note that most application installs automatically create a restore point, but you can do this if you are really worried. Open up the Start Menu and right-click on “Computer”, and then select “Properties”. This will take you into the System area of Control Panel. Click on the “System Protection” link on the left hand side. Now select the “System Protection” tab to get to the System Restore section. Click the “Create” button to create a new restore point. You’ll be prompted for a name, and you might want to give it a useful name that you’ll be able to easily identify later. Click the Create button, and then the system will create the restore point. When it’s all finished, you’ll get a message saying it’s completed successf...
Post a Comment
Read more

How to Clean Up Your Messy Windows Context Menu

One of the most irritating things about Windows is the context menu clutter that you have to deal with once you install a bunch of applications. It seems like every application is fighting for a piece of your context menu, and it’s not like you even use half of them. Today we’ll explain where these menu items are hiding in your registry, how to disable them the geeky way, and an easier cleanup method for non-geeks as well. Either way, your context menu won’t look like this one anymore… Cleaning the Context Menu by Hacking the Registry If you want to clean things up the truly geeky way, you can open up regedit.exe through the start menu search or run box, and then browse down to one of the following keys… sadly the context menu items are not stored in a single location. Most of the menu items that used for all files and folders can be found by looking at one of these keys: HKEY_CLASSES_ROOT\*\shell HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers HKEY_CLASSES_...
Post a Comment
Read more

Using Windows 7 or Vista System Restore

Windows 7 and Vista has a feature called System Restore that automatically backs up registry and system files whenever you install new software or drivers. This feature is useful when you install evil software that makes your computer run really slow. But don’t worry, System Restore won’t remove Windows Vista. Using System Restore in Windows There are two places that you can use the system restore feature from. From within Windows, you can just type restore into the Start menu search box, and you’ll immediately see System Restore at the top of the start menu: Or you can type rstrui into the search box and hit enter. Your choice. You will immediate see a screen where you can choose to roll back the system to the last restore point. You can select “Recommended restore”, and just click next, or you can choose a different restore point.   If you do choose a different restore point, you will see a list of restore points that you can choose from. How many times ...
Post a Comment
Read more