Eap authentication to the network – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

353

Configuring Authentication Types

Chapter 12

Figure 92 - Sequence for Shared Key Authentication

EAP Authentication to the Network

This authentication type provides the highest level of security for your wireless
network. By using the Extensible Authentication Protocol (EAP) to interact with
an EAP-compatible RADIUS server, the access point helps a wireless client
device and the RADIUS server to perform mutual authentication and derive a
dynamic unicast WEP key. The RADIUS server sends the WEP key to the access
point, that uses it for all unicast data signals that it sends to or receives from the
client. The access point also encrypts its broadcast WEP key (entered in the
access point’s WEP key slot 1) with the client’s unicast key and sends it to the
client.

When you enable EAP on your access points and client devices, authentication to
the network occurs in the sequence shown in this figure.

Figure 93 - Sequence for EAP Authentication

In Steps 1…9, a wireless client device and a RADIUS server on the wired LAN
use 802.1x and EAP to perform a mutual authentication through the access
point. The RADIUS server sends an authentication challenge to the client.

Access point

or bridge

Wired LAN

Client

device

Server

1. Authentication request

2. Unencrypted challenge text

3. Encrypted challenge text

4. Authentication success

231083

Access point

or bridge

Wired LAN

Client

device

RADIUS Server

1. Authentication request

2. Identity request

3. Username

(relay to client)

(relay to server)

4. Authentication challenge

5. Authentication response

(relay to client)

(relay to server)

6. Authentication success

7. Authentication challenge

(relay to client)

(relay to server)

8. Authentication response

9. Successful authentication

(relay to server)

65583