WLAN validating identity
The 802.1X framework consists of three main components: the supplicant, the authenticator, and the authentication server.
The authenticator maintains two virtual ports: an uncontrolled port and a controlled port.
The uncontrolled port allows EAP authentication traffic to pass through, while the controlled port blocks all other traffic until the supplicant has been authenticated.
The broadcast key is used to encrypt and decrypt all broadcast and multicast data frames.
Each client station has a unique and separate unicast key, but every station must share the same broadcast key.
An access point or wireless switch would be the authenticator, blocking access via virtual ports.
Although the supplicant, authenticator, and authentication server work together to provide the framework for 802.1X port-based access control, an authentication protocol is needed to actually perform the authentication process.
Extensible Authentication Protocol (EAP) is used to provide user authentication.
The broadcast key is delivered from the access point in a unicast frame encrypted with each individual client station’s unicast key.
The supplicant and the authentication server communicate with each other using the EAP protocol.
A side benefit of EAP protocols that utilize mutual authentication is the generation and distribution of dynamic encryption keys.
Until now, you have learned about only static or preshared WEP keys.
This dynamic session key is often referred to as the unicast key because it is the dynamically generated key that is used to encrypt and decrypt all unicast data frames.
After the key is created, the authentication server (AS) delivers its copy of the unicast key to the access point.
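
The port model and key delivery described above, as an added Python sketch that is not part of the original text: it shows the uncontrolled port passing EAP while the controlled port stays closed, then the shared broadcast key going out wrapped under each station's own unicast key. The class and function names are hypothetical, the MAC addresses and keys are constructed, and the HMAC-SHA256 XOR wrap is a stand-in for the cipher a real access point uses.

```python
import hashlib
import hmac
import os

EAPOL = 0x888E  # EtherType of EAP over LAN frames

def wrap(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in key wrap: XOR with an HMAC-SHA256 keystream (illustration only)."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Authenticator:
    """Access point side: one controlled/uncontrolled port pair per station."""

    def __init__(self):
        self.broadcast_key = os.urandom(16)   # shared by every station
        self.unicast_keys = {}                # station MAC -> its own unicast key

    def handle_frame(self, mac: str, ethertype: int) -> str:
        if ethertype == EAPOL:
            return "relay-to-auth-server"     # uncontrolled port: EAP always passes
        if mac in self.unicast_keys:
            return "forward"                  # controlled port opened after auth
        return "drop"                         # controlled port still blocked

    def on_auth_success(self, mac: str, unicast_key: bytes):
        """Called when the AS hands over its copy of the station's unicast key."""
        self.unicast_keys[mac] = unicast_key
        nonce = os.urandom(16)
        # Broadcast key goes out in a unicast frame, protected by this station's key.
        return nonce, wrap(unicast_key, nonce, self.broadcast_key)

    def deauthenticate(self, mac: str):
        self.unicast_keys.pop(mac, None)      # controlled port closes again

def demo():
    ap = Authenticator()
    sta_a, sta_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed MACs
    before = [ap.handle_frame(sta_a, 0x0800), ap.handle_frame(sta_a, EAPOL)]
    key_a, key_b = os.urandom(16), os.urandom(16)  # stand-ins for EAP-derived keys
    nonce_a, blob_a = ap.on_auth_success(sta_a, key_a)
    nonce_b, blob_b = ap.on_auth_success(sta_b, key_b)
    # Each station unwraps with its own unicast key and recovers the same broadcast key.
    got_a = wrap(key_a, nonce_a, blob_a)
    got_b = wrap(key_b, nonce_b, blob_b)
    after = ap.handle_frame(sta_a, 0x0800)
    return before, after, got_a == got_b == ap.broadcast_key, blob_a != blob_b

if __name__ == "__main__":
    print(demo())
```

The two wrapped blobs differ on the air even though both carry the same broadcast key, which is why one station's capture of its own delivery frame does not expose another station's unicast key.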