Skip to main content

What is 802.1x

Authentication means making sure that something is what it claims to be. E.g., in online banking, you want to make sure that the remote computer is actually your bank, and not someone pretending to be your bank. The purpose of 802.1x is to accept or reject users who want full access to a network using 802.1x. It is a security protocol that works with 802.11 wireless networks such as 802.11g and 802.11b, as well as with wired devices.

In a wireless network, 802.1x is used by an access point to implement WPA. In order to connect to the access point, a wireless client must first be authenticated using WPA.


In a wired network, switches use 802.1x in a wired network to implement port-based authentication. Before a switch forwards packets through a port, the attached devices must be authenticated. After the end user logs off, the virtual port being using is changed back to the unauthorized state.

A benefit of 802.1x is the switches and the access points themselves do not need to know how to authenticate the client. All they do is pass the authentication information between the client and the authentication server. The authentication server handles the actual verification of the client’s credentials. This lets 802.1x support many authentication methods, from simple user name and password, to hardware token, challenge and response, and digital certificates.

802.1x uses EAP (Extensible Authentication Protocol) to facilitate communication from the supplicant to the authenticator and from the authenticator to the authentication server.


EAP supports various authentication methods. As a user seeking authentication, you just need to use a method supported by the authentication server. As an administrator, you need to select which methods your server will use. Selection is beyond the scope of this article (and outside the scope of free NETGEAR support), however, the material in the Microsoft article will give administrators a solid grounding.



EAP-TLS is widely supported. It uses PKI (e.g., a digital certificate) to authenticate the supplicant and authentication server.

EAP-MD5 uses standard user name and password. The supplicant’s password is hashed with MD5 and the hash value is being used to authenticate the supplicant.

LEAP is Cisco’s Lightweight EAP, and works mainly with Cisco products. It also uses MD5 hash, but both the supplicant and authentication server are authenticated.

EAP-TTLS uses PKI to authenticate the authentication server. However, it supports a different set of authenticate methods (e.g. CHAP, PAP, MS-CHAP v2) to authenticate the supplicant.

PEAP (Protected EAP), which is built-in to Windows XP, uses PKI to authenticate the authentication server. It supports any type of EAP to authenticate the supplicant including certificate.
Labels:

Comments

Post a Comment

Popular posts from this blog

Create a Restore Point for Windows 7 or Vista’s System Restore

If you are thinking of installing an application but aren’t quite sure what it’s going to do to your computer, I would absolutely recommend creating a restore point before you install that application, and here are the steps to do so. Note that most application installs automatically create a restore point, but you can do this if you are really worried. Open up the Start Menu and right-click on “Computer”, and then select “Properties”. This will take you into the System area of Control Panel. Click on the “System Protection” link on the left hand side. Now select the “System Protection” tab to get to the System Restore section. Click the “Create” button to create a new restore point. You’ll be prompted for a name, and you might want to give it a useful name that you’ll be able to easily identify later. Click the Create button, and then the system will create the restore point. When it’s all finished, you’ll get a message saying it’s completed successf...
Post a Comment
Read more

How to Clean Up Your Messy Windows Context Menu

One of the most irritating things about Windows is the context menu clutter that you have to deal with once you install a bunch of applications. It seems like every application is fighting for a piece of your context menu, and it’s not like you even use half of them. Today we’ll explain where these menu items are hiding in your registry, how to disable them the geeky way, and an easier cleanup method for non-geeks as well. Either way, your context menu won’t look like this one anymore… Cleaning the Context Menu by Hacking the Registry If you want to clean things up the truly geeky way, you can open up regedit.exe through the start menu search or run box, and then browse down to one of the following keys… sadly the context menu items are not stored in a single location. Most of the menu items that used for all files and folders can be found by looking at one of these keys: HKEY_CLASSES_ROOT\*\shell HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers HKEY_CLASSES_...
Post a Comment
Read more

Linuxfx 10 : A Windows-Like Linux Distro

The idea of Linuxfx is to make it easier for people who are migrating from Windows 7. People who are dissatisfied with the lack of security and stability of Windows 10 are also fit for Linuxfx. LinuxFX Desktop : Apart from Windows-like looks, Linuxfx also has more to offer which a regular user will definitely admire. So, let’s get along with me to know more about Windows alternative Linuxfx. As usual, I started by downloading the ISO image of Linuxfx from the official site  here . Then, instead of dual-booting, I decided to install it on my VirtualBox to play safely. After finishing the basic configuration, as soon as I booted it, I noticed a Windows logo and system integrity check. That’s quite surprising because every Linux distro puts their own or OEM logo on that place. But I think Linuxfx wants to make migrating users feel like home from the beginning. Entering the boot menu, Linuxfx redirected and logged in to a live session. Whoah! it can also detect the system I’m using — a...
Post a Comment
Read more