Configuring 802.1x security, Wireless hops. see – Allied Telesis AT-WL2411 User Manual

Page 154

Advertising
background image

Configuring Security

154

Configuring 802.1x Security

The AT-WL2411 can help implement 802.1x security in an 802.11b
network. The IEEE 802.1x standard provides an authentication protocol
for 802.11 LANs. 802.1x provides strong authentication, access control,
and key management, and lets wireless networks scale by allowing
centralized authentication of wireless end devices. Allied Telesyn can
provide a complete 802.1x security solution.

The 802.1x authentication process uses a RADIUS server, which is the
authentication server, and access points, which are the authenticators,
to manage the wireless end device authentication and wireless
connection attributes. Extensible Authentication protocol (EAP)
authentication types provide devices with secure connections to the
network. They protect credentials and data privacy. Examples of EAP
authentication types include Transport Layer Security (EAP-TLS) and
Tunneled Transport Layer Security (EAP-TTLS).

To implement 802.1x security, you must have the following:

❑ A trusted certificate authority (CA), which issues digital

authentication certificates. The authentication server must have a
certificate installed on it. Also, if the end devices are using EAP-
TLS, each one needs a client certificate.

❑ An authentication server (RADIUS server), which is software that is

installed on a PC or server on your network. The authentication
server accepts or rejects requests from end devices that want to
communicate with the 802.1x-enabled network.

❑ An authenticator, which is an access point on your network. The

authenticator receives requests from end devices that want to
communicate with the network and forwards these requests to
the authentication server. The authenticator also distributes the
WEP keys to end devices that are communicating with it.

❑ End devices that are 802.1x-enabled. These end devices have an

802.11b radio and a supplicant (EAP-TLS or EAP-TTLS) loaded on
them. Supplicants allow your end devices to request
communication with the authenticator using a specific EAP
authentication type. For more information on the availability of
802.1x-enabled end devices, contact your local Allied Telesyn
representative.

Advertising
Popular Brands
Popular manuals