Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual page 188

Understanding Authentication Types
Figure 0-3    Sequence for EAP Authentication

Devices shown: Non-Root Bridge, Root Bridge, Switch on LAN 1, Authentication server

1. Authentication request
2. Identity request
3. Username (Relay to server)
4. Authentication challenge (Relay to non-root bridge)
5. Authentication response (Relay to server)
6. Authentication success (Relay to non-root bridge)
7. Authentication challenge (Relay to server)
8. Authentication response (Relay to non-root bridge)
9. Authentication success (Relay to server)

In Figure 0-3, a non-root bridge and a RADIUS server on a wired LAN use 802.1x and EAP to perform a mutual authentication through the root device. The RADIUS server sends an authentication challenge to the non-root bridge. The non-root bridge uses a one-way encryption of the user-supplied password to generate a response to the challenge and sends that response to the RADIUS server. Using information from its user database, the RADIUS server creates its own response and compares that to the response from the non-root bridge. When the RADIUS server authenticates the non-root bridge, the process repeats in reverse, and the non-root bridge authenticates the RADIUS server.

When mutual authentication is complete, the RADIUS server and the non-root bridge determine a session key that is unique to this session between the RADIUS server and the non-root bridge and that provides the non-root bridge with an appropriate level of network access. The RADIUS server encrypts and sends the session key over the wired LAN to the root device. The root device and the non-root bridge derive the unicast key from this session key. The root generates the broadcast key and sends it to the non-root bridge after encrypting it with the unicast key. The non-root bridge uses the unicast key to decrypt it. The non-root bridge and the root device activate WEP and use the unicast and broadcast WEP keys for all communications during the remainder of the session.

There is more than one type of EAP authentication, but the bridge behaves the same way for each type. It relays authentication messages from the wireless client device to the RADIUS server and from the RADIUS server to the wireless client device. See the "Assigning Authentication Types to an SSID" section on page 16 for instructions on setting up EAP on the WMIC.

If you use EAP authentication, you can select open or shared-key authentication, but you do not have to.

Note: EAP authentication controls authentication both to your bridge and to your network.

Cisco 3200 Series Wireless MIC Software Configuration Guide
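
Steps 4 through 9 of Figure 0-3 and the key hand-off that follows them, as an added Python example that is not from the Cisco guide. The guide does not name the algorithms, so HMAC-SHA256 and the XOR pad are stand-ins chosen for illustration, and `mutual_auth`, `distribute_keys` and the `rogue_server` flag are hypothetical names.

```python
import hashlib, hmac, os

def one_way(password):
    # Stand-in for the guide's "one-way encryption of the user-supplied password"
    return hashlib.sha256(password.encode()).digest()

def prf(key, label, data=b""):
    # HMAC-SHA256 stands in for every keyed operation; the label separates
    # the two directions so a response cannot be reflected back to its sender
    return hmac.new(key, label + data, hashlib.sha256).digest()

def mutual_auth(bridge_password, database_password, rogue_server=False):
    """Steps 4-9 of Figure 0-3. Returns (session keys or None, steps the root relayed)."""
    bridge, server = one_way(bridge_password), one_way(database_password)
    relayed = []
    def relay(step, payload=b""):      # the root device only forwards messages
        relayed.append(step)
        return payload
    # The RADIUS server authenticates the non-root bridge
    c1 = relay("4. Authentication challenge", os.urandom(16))
    r1 = relay("5. Authentication response", prf(bridge, b"bridge", c1))
    if not rogue_server and not hmac.compare_digest(r1, prf(server, b"bridge", c1)):
        return None, relayed
    relay("6. Authentication success")
    # The process repeats in reverse: the non-root bridge authenticates the server
    c2 = relay("7. Authentication challenge", os.urandom(16))
    r2 = relay("8. Authentication response", prf(server, b"server", c2))
    if not hmac.compare_digest(r2, prf(bridge, b"server", c2)):
        return None, relayed
    relay("9. Authentication success")
    # Each end computes the session key itself; it never crosses the radio link
    return (prf(bridge, b"session", c1 + c2), prf(server, b"session", c1 + c2)), relayed

def distribute_keys(bridge_session, server_session):
    """Key hierarchy after authentication. Returns (root's broadcast key, bridge's copy)."""
    root_session = server_session          # sent encrypted over the wired LAN (not modelled)
    root_unicast = prf(root_session, b"unicast")
    bridge_unicast = prf(bridge_session, b"unicast")
    broadcast = os.urandom(16)             # generated by the root device
    pad = prf(root_unicast, b"wrap")[:16]  # toy one-time pad, not a real key wrap
    wrapped = bytes(a ^ b for a, b in zip(broadcast, pad))
    unpad = prf(bridge_unicast, b"wrap")[:16]
    return broadcast, bytes(a ^ b for a, b in zip(wrapped, unpad))

if __name__ == "__main__":
    keys, steps = mutual_auth("constructed-password", "constructed-password")
    print(steps, distribute_keys(*keys)[0] == distribute_keys(*keys)[1])
```

With `rogue_server=True` the server accepts any response at step 5, and the exchange still stops at step 8 because the non-root bridge checks the server's response itself.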