802.1x

The security structure in 802.11, including WEP and WEP-based authentication, is not designed to scale to handle large, public networks. The shared key design in WEP requires the network administrator to trust many users with the same authentication credentials for the same set of access points. A standard 802.11 installation also allows anyone within reach to have full access to the layer 2 environments on either side of the access point, regardless of the presence of a portal at the network gateway.

802.1x, a ratified IEEE standard, solves some but not all of these problems. 802.1x is a port-based, extensible authentication protocol. “Port based,” in this sense, means a physical port. 802.1x was designed to solve security problems on a campus network. On a typical university campus, there are thousands of Ethernet jacks waiting for someone to plug in and use them. 802.1x was designed to prevent an attacker from walking up to a jack, plugging in, and beginning to use the network. The protocol is designed to limit the use of the port until the client machine is authenticated.

Structure of 802.1x

There are three players in the 802.1x protocol. The supplicant is the client machine attempting to gain access to the network. The authenticator is the layer 2 device that is providing the port (such as an Ethernet switch or an 802.11b access point). The authentication server is the device that actually verifies the authentication data provided by the supplicant. The relationship of these ...
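The port gating performed by the authenticator, sketched as an added example (it is not code from the book): until the authentication server accepts the supplicant, the port passes only EAPOL frames (EtherType 0x888E) and drops everything else. The class and function names, the sample frames and the credential are constructed, and the callback that stands in for the authentication server is a simplifying assumption; a real authenticator relays the EAP exchange to the server rather than asking for a yes/no answer.

```python
import struct

ETH_P_EAPOL = 0x888E                      # EtherType used by EAPOL (EAP over LAN)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
GOOD = b"constructed-credential"          # constructed sample value

class AuthenticatorPort:
    """One authenticator port: only EAPOL passes until the supplicant is accepted."""
    def __init__(self, auth_server):
        self.auth_server = auth_server    # hypothetical callable(bytes) -> bool
        self.authorized = False

    def handle_frame(self, frame: bytes) -> str:
        if len(frame) < 14:               # dst MAC + src MAC + EtherType
            return "drop: runt frame"
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype != ETH_P_EAPOL:
            return "forward" if self.authorized else "drop: port unauthorized"
        return self._handle_eapol(frame[14:])

    def _handle_eapol(self, pdu: bytes) -> str:
        if len(pdu) < 4:                  # version, type, 2-byte body length
            return "drop: truncated EAPOL header"
        _version, ptype, length = struct.unpack("!BBH", pdu[:4])
        body = pdu[4:4 + length]          # ignores any Ethernet padding after the body
        if len(body) != length:
            return "drop: EAPOL length mismatch"
        name = EAPOL_TYPES.get(ptype)
        if name == "Logoff":
            self.authorized = False
            return "eapol: logoff, port closed"
        if name == "EAP-Packet":
            # Simplification: the server's verdict is reduced to a boolean.
            self.authorized = bool(self.auth_server(body))
            return "eapol: accepted, port open" if self.authorized else "eapol: rejected"
        return "eapol: start" if name == "Start" else "drop: unsupported EAPOL type"

def frame(ethertype: int, payload: bytes) -> bytes:
    return bytes(12) + struct.pack("!H", ethertype) + payload   # zeroed MACs (constructed)

def eapol(ptype: int, body: bytes = b"") -> bytes:
    return frame(ETH_P_EAPOL, struct.pack("!BBH", 1, ptype, len(body)) + body)

def demo():
    port = AuthenticatorPort(lambda eap: eap == GOOD)
    ip = frame(0x0800, b"constructed IPv4 payload")
    seq = [ip, eapol(1), eapol(0, b"wrong"), ip, eapol(0, GOOD), ip, eapol(2), ip]
    return [port.handle_frame(f) for f in seq]
```

`demo()` returns the decision for each frame in order: data frames are dropped before and after a rejected attempt, forwarded once the supplicant is accepted, and dropped again after a logoff.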
