40 likes | 116 Views
Interfaces - 802.1x - EAP - 802.11 Key Exchange. 802.1x /EAP. portStatus = authorized keyAvailable=True. Authenticate user/AS. Key Exchange. Establish session key. portValid=True. Port Activate. Enable controlled port. portActive=True. Changes to state machine.
E N D
Interfaces -802.1x - EAP - 802.11 Key Exchange 802.1x /EAP portStatus = authorized keyAvailable=True Authenticate user/AS Key Exchange Establish session key portValid=True Port Activate Enable controlled port portActive=True
Changes to state machine • 802.1x authenticated should not depend on port valid - they are orthogonal • Port valid is set by key exchange or by configuration as before • New variable - portActive is needed, as well as some way of coordinating the three states.
Additions to state machine • 802.1x must sequence through portStatus=Authorized, but not through porta valid or portActive • Activation of port will depend on application - 802.11 may have virtual ports that are authorized and valid but not active • Note that this will require some additional changes not described here
Result • Making these changes make 802.1x and key exchange independent • Easier to plug in different key exchange machines • Makes some possibilities for fast roaming easier to conceptualize and implement