
Introduction

Things to mention:

802.1X is a standard in the IEEE 802.1 family. It provides port-based access control to a network: all packets from a client, including broadcast packets, are allowed or blocked at the client's point of attachment to the network. ... It is possible on Wi-Fi, Ethernet and possibly other media.

Upon connecting a device to an Ethernet port on a switch or associating with a wireless SSID, the switch or Wi-Fi access point concerned (sometimes, not entirely correctly, referred to as a Wi-Fi router) will initially not allow any data to be transmitted or received by the device. It will request the connected device to identify itself and, if an authentication server approves the supplied credentials, start accepting packets from and to the newly connected device; if the authentication server does not approve the credentials, the port stays blocked.

...

In the above example, a Wi-Fi access point (sometimes, not entirely correctly, referred to as a Wi-Fi router) is providing access to the 192.168.254.0/24 network. When a device (called a supplicant) attempts to connect to the Wi-Fi network, the access point starts an EAP conversation with the supplicant over 802.1X, requesting it to supply credentials. The access point then connects to the authentication server (which, in the example above, is also part of the 192.168.254.0/24 network) and forwards the EAP response it received from the supplicant over the RADIUS protocol, as an attribute of a packet of type Access-Request. The authentication server may wish to request more information from the client; it can then answer the access point with a RADIUS packet of type Access-Challenge containing an EAP message to be forwarded to the supplicant. The NAS relays this conversation between authentication server and supplicant until the authentication server sends the NAS a RADIUS packet of type Access-Accept or Access-Reject.
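The relay described above, as an added example that is not part of the original page: a minimal model of a NAS that forwards opaque EAP messages in the RADIUS EAP-Message attribute (type 79) and only authorizes the port on Access-Accept. The credential store, the fixed challenge and the EAP-MD5 method are assumptions chosen for the illustration.

```python
import hashlib
from dataclasses import dataclass

# RADIUS codes (RFC 2865) and EAP codes/types (RFC 3748; EAP-MD5 follows CHAP, RFC 1994)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4

@dataclass
class EapMessage:            # the payload the NAS relays without interpreting it
    code: int
    ident: int
    eap_type: int = 0
    data: bytes = b""

@dataclass
class RadiusPacket:          # only the fields the relay needs; the EAP sits in attribute 79
    code: int
    eap: EapMessage

USERS = {"alice": b"s3cret"}  # constructed credential store (assumption)
CHALLENGE = bytes(range(16))  # constructed fixed challenge; a real server uses random bytes

def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

class AuthServer:
    """Drives the EAP conversation: Identity -> MD5-Challenge -> Accept/Reject."""
    def __init__(self):
        self.identity = None
    def handle(self, req: RadiusPacket) -> RadiusPacket:
        eap = req.eap
        if eap.code == EAP_RESPONSE and eap.eap_type == EAP_IDENTITY:
            self.identity = eap.data.decode()
            return RadiusPacket(ACCESS_CHALLENGE, EapMessage(EAP_REQUEST, eap.ident + 1, EAP_MD5, CHALLENGE))
        if eap.code == EAP_RESPONSE and eap.eap_type == EAP_MD5 and self.identity in USERS:
            if eap.data == md5_response(eap.ident, USERS[self.identity], CHALLENGE):
                return RadiusPacket(ACCESS_ACCEPT, EapMessage(EAP_SUCCESS, eap.ident))
        return RadiusPacket(ACCESS_REJECT, EapMessage(EAP_FAILURE, eap.ident))

class Supplicant:
    def __init__(self, name: str, password: bytes):
        self.name, self.password = name, password
    def respond(self, req: EapMessage) -> EapMessage:
        if req.eap_type == EAP_IDENTITY:
            return EapMessage(EAP_RESPONSE, req.ident, EAP_IDENTITY, self.name.encode())
        return EapMessage(EAP_RESPONSE, req.ident, EAP_MD5, md5_response(req.ident, self.password, req.data))

def nas_authenticate(supplicant: Supplicant, server: AuthServer) -> bool:
    """The NAS relay: the port stays blocked until the server returns Access-Accept."""
    eap = EapMessage(EAP_REQUEST, 1, EAP_IDENTITY)           # EAPOL Request/Identity to the supplicant
    while True:
        reply = server.handle(RadiusPacket(ACCESS_REQUEST, supplicant.respond(eap)))
        if reply.code == ACCESS_ACCEPT:
            return True                                      # port authorized
        if reply.code == ACCESS_REJECT:
            return False                                     # port remains blocked
        eap = reply.eap                                      # Access-Challenge: forward the EAP request
```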

...

post-auth - After it has been determined what action should be taken, this section carries out any extra tasks required, for example logging, and can also add or modify attributes to be sent back to the NAS as part of the Access-Accept or Access-Reject packet.

Sources

https://en.wikipedia.org/wiki/IEEE_802.1X

https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

...