Appendix D Wireless LANs
NXC Series User’s Guide
496
• Accounting
Keeps track of the client’s network activity.
RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless
client and the network RADIUS server.
Types of RADIUS Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user authentication:
• Access-Request
Sent by an access point requesting authentication.
• Access-Reject
Sent by a RADIUS server rejecting access.
• Access-Accept
Sent by a RADIUS server allowing access.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point sends
a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS
server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
• Accounting-Response
Sent by the RADIUS server to indicate that it has started or stopped accounting.
In order to ensure network security, the access point and the RADIUS server use a shared secret key,
which is a password, they both know. The key is not sent over the network. In addition to the shared key,
password information exchanged is also encrypted to protect the network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP.
Your wireless LAN device may not support all authentication types.
EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x
transport mechanism in order to support multiple types of user authentication. By using EAP to interact
with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server
perform authentication.
The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that
supports IEEE 802.1x. .
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the
certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to
authenticate users and a CA issues certificates and guarantees the identity of each certificate owner.
To Next Page
Loading...
