70 likes | 242 Views
Pre-Authentication with 802.1X. Relationship Between State Variables and Services. Class 1 frames does include data frames. Class 1 frames (permitted from within States 1, 2 and 3): Data frames: Data frames with FC control bits "To DS” and “From DS" both false.
E N D
Pre-Authentication with 802.1X D. Halasz, Cisco, K. Amann, SpectraLink
Relationship Between State Variables and Services D. Halasz, Cisco, K. Amann, SpectraLink
Class 1 frames does include data frames • Class 1 frames (permitted from within States 1, 2 and 3): • Data frames: • Data frames with FC control bits "To DS” and “From DS" both false. D. Halasz, Cisco, K. Amann, SpectraLink
IEEE 802.1X packets from the supplicant go to the authenticator • From IEEE 802.1X • “… This encapsulated form of EAP, known as EAP over LANs, or EAPOL, is used for all communication between the Supplicant PAE and the Authenticator PAE. The Authenticator PAE can then re-package the EAP protocol for onward transmission to the Authentication Server, if the server function is not co-located….” D. Halasz, Cisco, K. Amann, SpectraLink
Infrastructure state information is not affected by the pre-authentication • Since the authenticator sends the data to the authentication server, switches will not get confused. D. Halasz, Cisco, K. Amann, SpectraLink
Supplicants can 802.1X authenticate before 802.11 association • Supplicant can be associated and then perform multiple 802.1X authentications, to different APs. • Supplicant can then do a make before break. D. Halasz, Cisco, K. Amann, SpectraLink