Member
Let me tell you that I am new in networking type. I have just done some basics in networking but I am not having an ideas about the wireless network. I want to access control in 802.1x wireless network. Since I was not having enough idea about it, I thought to take some tips from you members. Please tell me how to access control in LAN and Wireless Network in 802.1x? I am sure that you people will help me by providing detailed information about it.
Member
I think that you should know more basics before you go in depth. The network standard IEEE 802.1x is a supervisory body that checks the user before it accesses the LAN or wireless network. IEEE 802.1x is properly integrated into the network to ensure a certain basic standard of safety in both the LAN and the WLAN. The fear of data theft or data loss in businesses is great. A weak point for information thieves often forms its own corporate network that is not adequately protected against unauthorized internal or external requests. Against viruses, worms and Trojans have intrusion detection or intrusion prevention systems (IDS / IPS) and firewalls provide good protection. However, this procedure verify essentially only the pure data traffic. Against unauthorized users that the network infiltrate these methods are useless. This standard was originally designed for LAN applications designed. But now comes IEEE 802.1X in wireless environments are used. The independent standard adopts the authentication or authorization of a participant in the physical or logical port of a network (LAN, VLAN, WLAN). This is a so-Radius server (Remote Authentication Dial-In User Service) is needed for access control of network user controls.
Member
The idea for IEEE 802.1x came from institutions, to public networks simply wanted to control the access (universities, government agencies, libraries). The desired solution should be inexpensive and easy to implement. It wanted the users' existing network infrastructure and use their established protocols. Virtual Private Networks (VPN) meet some of the conditions, but retired as a general solution due to their high resource requirements and the complex configuration. The basic IEEE 802.1x functions are:
The model was originally developed for switches (802.1D) and extended later to the 802.11 standard for WLANs.
- Access control (user-oriented control system),
- Accounting (Billing and Accounting),
- Bandwidth allocation (QoS = Quality of Service per User),
- Creation of user profiles (User Personalized Network = UPN)
- Single Sign-on.
Member
The IEEE 802.1x standard is an important development of network security because it allows users to have access to a network port to be identified. Using single sign-on lets users with a single authentication to multiple systems and applications log on simultaneously, such as dial-in servers, firewalls, VPNs or wireless LANs. This will authenticate the user once in a central RADIUS server. All providers that allow dialing in to a network, are facing a big problem. They offer many users in different locations access to the Internet. Security must be strictly checked off, who gets access to the network to an abuse of the server services from the outset to exclude. In addition, the provider may need mechanisms enabling them to capture and calculate online time for users. So, one needs a powerful system that can provide centrally for authentication, authorization and accounting (AAA).
Member
The communication between the RADIUS client and server is secured by the fact that both communication partners can authenticate each other through a shared secret, and encrypt the data transfer. Radius supports many authentication mechanisms such as PAP, CHAP, EAP or Unix login and can handle many Extensible attributes to a user and submit. There are now several radius servers with 802.1x/EAP-Support in the market. They range from complex command-line tool to more user-friendly servers with its own configuration GUI. Available software server (Windows 2000, 2003, 2008 or Linux or free providers) as well as in network hardware (router, Access Point Switch) integrated server.
Member
EAP was originally developed for the point-to-Point Protocol (PPP) and is specified in RFCs 2284 and 2716th By using EAP, two communication partners before the actual authentication negotiate which authentication method should be applied. Due to the execution as an Application Programming Interface (API) developed in the future authentication protocols are EAP can rely on. EAP describes in a simple question and answer procedure the exchange of authentication data from the user to the authentication server and its response. In this case, any authentication mechanisms like Kerberos, Securities or certificates can be used. EAP is used either in conjunction with PPP or as a protocol framework for exchanging authentication data in other protocols, such as in IEEE 802.1x. For the purpose of EAP over 802.1X authentication over the data using EAPOL (Extensible Authentication Protocol LAN) in the case of wireless or transferred according EAPoW.
Member
The EAP requires the user to authenticate. Its first authentication information is forwarded to the port or the authenticator. Once that has received the data, it forwards them to an authorization and accounting server, usually a radius server on. This identified by the stored user profiles to the user, that is, it decides whether the user has access to the requested services. In some cases, assumes the radius server to authenticate yourself, but will forward data to another unit on the authentication, usually to a directory service (LDAP server, Directory Server). In the case of an unsuccessful authentication gets the authenticator corresponding information, which ensures that the port is not enabled, so the mode Authentication on / Port off takes, or retains the default system behavior (Authentication on / Port on with Default Policy). In both cases, the user is denied access to the requested services. However, if the authentication is successful, the message is the corresponding to the radius server to switch or access point returns, the function name "Radius / EAP Success" bear. The authenticator then switches immediately to the appropriate port free for unlimited data transport.
Posting Permissions
Reply With Quote
Bookmarks