ArubaOS 8.6.0.0 Help Center
You are here: Home > 802.1X Authentication > 802.1X Authentication

802.1X Authentication

802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. is an IEEEInstitute of Electrical and Electronics Engineers. standard that provides an authentication framework for WLANsWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection.. 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. uses the EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. framework that are suitable for wireless networks include EAP-TLSEAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216., PEAPProtected Extensible Authentication Protocol. PEAP is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS., and EAP-TTLSEAP–Tunneled Transport Layer Security. EAP-TTLS is an EAP method that encapsulates a TLS session, consisting of a handshake phase and a data phase. See RFC 5281.. These protocols allow the network to authenticate the client while also allowing the client to authenticate the network.

This section describes the following topics:

Understanding 802.1X Authentication

Configuring 802.1X Authentication

Sample Configurations

Performing Advanced Configuration Options for 802.1X

Other types of authentication not discussed in this section can be found in the following sections of this guide:

Captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication: Configuring Captive Portal Authentication Profiles

VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. authentication: Planning a VPN Configuration

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication: Configuring MAC-Based Authentication

Stateful 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority., stateful NTLM, and WISPrWireless Internet Service Provider Roaming. The WISPr framework enables the client devices to roam between the wireless hotspots using different ISPs. authentication: Stateful and WISPr Authentication

/*]]>*/