User's Manual

and authenticating access to port-based 802.11 wireless and wired Ethernet networks. Port-
based network access control is similar to a switched local area network (LAN) infrastructure
that authenticates devices attached to a LAN port and prevents access to that port if the
authentication process fails.

What is RADIUS?
RADIUS is the Remote Authentication Dial-In User Service, an Authorization, Authentication,
and Accounting (AAA) client-server protocol that is used when a AAA dial-up client logs in or
out of a Network Access Server. Typically, a RADIUS server is used by Internet Service
Providers (ISP) to perform AAA tasks. AAA phases are described as follows:
- Authentication phase: Verifies a user name and password against a local database.
  After credentials are verified, the authorization process begins.
- Authorization phase: Determines whether a request is allowed access to a resource.
  An IP address is assigned for the dial-up client.
- Accounting phase: Collects information on resource usage for the purpose of trend
  analysis, auditing, session-time billing, or cost allocation.

How 802.1X Authentication Works
Following is a simplified description of how 802.1X authentication works.
1. A client sends a "request to access" message to an access point. The access point
requests the identity of the client.
2. The client replies with its identity packet, which is passed along to the authentication
server.
3. The authentication server sends an "accept" packet to the access point.
4. The access point places the client port in the authorized state and data traffic is
allowed to proceed.
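
The four steps above, modeled as an added example (not code from this manual or from any product): it encodes and parses EAP packets in the RFC 2284 layout and keeps the port unauthorized until a Success arrives from the server side. The Port class, the demo helper and the identity string are assumptions made for illustration; the credential exchange of the EAP method and the RADIUS transport to the server are omitted, as in the simplified description.

```python
import struct
# EAP Code values and the Identity type number, as defined in RFC 2284.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1

def build_eap(code, ident, eap_type=None, data=b""):
    """Encode an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Decode an EAP packet, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 1 <= code <= 4 or length < 4 or length > len(pkt):
        raise ValueError("bad EAP code or length")
    body = pkt[4:length]  # bytes past Length are link-layer padding
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type field")
        return code, ident, body[0], body[1:]
    return code, ident, None, b""

class Port:
    """Access point side (hypothetical model): unauthorized until EAP-Success."""
    def __init__(self):
        self.authorized, self.pending_id, self.identity = False, None, None

    def request_identity(self, ident):            # step 1
        self.pending_id = ident
        return build_eap(EAP_REQUEST, ident, EAP_TYPE_IDENTITY)

    def from_client(self, pkt):                   # step 2
        code, ident, typ, data = parse_eap(pkt)
        if (code, ident, typ) != (EAP_RESPONSE, self.pending_id, EAP_TYPE_IDENTITY):
            raise ValueError("unexpected packet on the client side")
        self.identity = data.decode("utf-8", "replace")
        return pkt                                # relayed to the authentication server

    def from_server(self, pkt):                   # steps 3 and 4
        code, ident, _, _ = parse_eap(pkt)
        ok = code == EAP_SUCCESS and ident == self.pending_id
        self.authorized = ok and self.identity is not None
        return self.authorized

def demo(server_code=EAP_SUCCESS):
    port = Port()
    port.request_identity(7)
    # Constructed sample identity, not taken from the manual.
    port.from_client(build_eap(EAP_RESPONSE, 7, EAP_TYPE_IDENTITY, b"alice@example.org"))
    return port.from_server(build_eap(server_code, 7))
```

Because only from_server can authorize the port, a Success packet injected on the client side is rejected instead of opening it.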

802.1X Features
The following authentication methods are supported on Windows* XP:
- 802.1X supplicant protocol support
- Support for the Extensible Authentication Protocol (EAP) - RFC 2284
- Supported Authentication Methods on Windows* XP:
  - EAP TLS Authentication Protocol - RFC 2716 and RFC 2246
  - EAP Tunneled TLS (TTLS)
  - Cisco LEAP