Technical data

802.1X Authentication
© 2012 Meru Networks, Inc.
Authentication in the 802.11 standard is focused more on wireless LAN connectivity
than on verifying user or station identity. For enterprise wireless security to scale to
hundreds or thousands of users, an authentication framework that supports centralized
user authentication must be used, either in addition to the WEP type specified by
802.11 or through WPA/WPA2, which incorporates TKIP/CCMP-AES and 802.1X
authentication.
The use of IEEE 802.1X offers an effective framework for authenticating and controlling
user traffic to a protected network, as well as dynamically varying encryption
keys if WPA/WPA2 is configured. 802.1X ties a protocol called EAP (Extensible
Authentication Protocol) to both the wired and wireless LAN media and supports
multiple authentication methods, such as token cards, Kerberos, one-time passwords,
certificates, and public key authentication.
802.1X Components
There are three basic pieces to 802.1X authentication:
1. Supplicant—a software client running on the wireless station
2. Authenticator—the access point and the controller
3. Authentication Server—an authentication database, traditionally a RADIUS server
such as Cisco ACS, Steel-Belted Radius server (Juniper), or Microsoft IAS. In System
Director release 4.1 and later, TACACS+ authentication is also supported.
Extensible Authentication Protocol (EAP) is used to pass the authentication information
between the supplicant (the wireless station) and the authentication server
(RADIUS, MS IAS, TACACS+ or other). The actual authentication is defined and handled
by the EAP type. The access point (and the controller in the configuration) acts as
the authenticator. The authenticator is a client of the server and relays messages so
that the supplicant and the authentication server can communicate.
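The relay role described above, sketched as an added example (not code from this guide or from Meru): the authenticator wraps the supplicant's EAP packet in a RADIUS Access-Request as defined in RFC 3579, and the server checks the Message-Authenticator before decoding the EAP header (RFC 3748). Function names, the shared secret, and the sample identity are assumptions made for illustration.

```python
import hashlib, hmac, os, struct
# EAP method numbers from the IANA EAP registry for the types this guide lists
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 17: "Cisco LEAP", 21: "EAP-TTLS", 25: "EAP-PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eap(pkt):
    """Decode an EAP packet (RFC 3748): code, identifier, length, method type."""
    if len(pkt) < 4 or pkt[0] not in EAP_CODES:
        raise ValueError("truncated EAP header or unknown code")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    # Request/Response must carry a type octet; Success/Failure are header-only
    if not 4 <= length <= len(pkt) or (code in (1, 2) and length < 5):
        raise ValueError("bad EAP length field")
    body = pkt[4:length]
    method = EAP_METHODS.get(body[0], "type %d" % body[0]) if code in (1, 2) else None
    return {"code": EAP_CODES[code], "id": ident, "method": method, "data": body[1:]}

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def access_request(eap, secret, radius_id, user=None):
    """Authenticator side: wrap the supplicant's EAP packet for the RADIUS server."""
    attrs = _attr(1, user) if user else b""           # User-Name
    for i in range(0, len(eap), 253):                 # EAP-Message (79) holds <= 253 bytes
        attrs += _attr(79, eap[i:i + 253])
    attrs += _attr(80, bytes(16))                     # Message-Authenticator, zeroed for now
    head = struct.pack("!BBH", 1, radius_id, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def server_receive(pkt, secret):
    """Server side: verify Message-Authenticator, then reassemble the EAP packet."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad RADIUS length")
    eap, pos, mac_at = b"", 20, None
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("malformed attribute")
        attr_type, end = pkt[pos], pos + pkt[pos + 1]
        if attr_type == 79:
            eap += pkt[pos + 2:end]
        elif attr_type == 80 and end - pos == 18:
            mac_at = pos + 2
        pos = end
    if mac_at is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    zeroed = pkt[:mac_at] + bytes(16) + pkt[mac_at + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), pkt[mac_at:mac_at + 16]):
        raise ValueError("Message-Authenticator mismatch")
    return parse_eap(eap)
```

A request built with a different shared secret, or altered in transit, fails the HMAC check and is rejected before any EAP parsing happens.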
About the EAP Types
The EAP type you choose, and whether you choose to implement authentication in
your organization, depend on the level of security you require. Some of the most
commonly deployed EAP authentication types include the following, all of which are
supported by the controller:
EAP-TLS
EAP-PEAP
EAP-TTLS
Cisco LEAP