190 Chapter 4 • Communication Security: Wireless
The 802.1x standard works in a similar fashion for both EAPoL and EAPoW.
As shown in Figure 4.8, the EAP supplicant (in this case, the wireless client)
communicates with the AP over an “uncontrolled port.” The AP sends an
EAP-Request/Identity to the supplicant and a Remote Authentication Dial-In User
Service (RADIUS)-Access-Request to the RADIUS access server. The supplicant
then responds with an identity packet and the RADIUS server sends a challenge
based on the identity packets sent from the supplicant. The supplicant provides its
credentials in the EAP-Response that the AP forwards to the RADIUS server. If
the response is valid and the credentials are validated, the RADIUS server sends a
RADIUS-Access-Accept to the AP, which then allows the supplicant to
communicate over a “controlled” port. This is communicated by the AP to the
supplicant in the EAP-Success packet.
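Figure 4.8 EAP over LAN (EAPoL) Traffic Flow
[Figure: message sequence between the supplicant, the Access Point and the RADIUS server (Ethernet). EAPoL messages (supplicant and Access Point): EAPoL Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request, EAP-Response (credentials), EAP-Success. RADIUS messages (Access Point and RADIUS server): RADIUS-Access-Request, RADIUS-Access-Challenge, RADIUS-Access-Request, RADIUS-Access-Accept. Access is blocked at the start of the exchange and allowed at the end.]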
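The exchange described above, as a small simulation added here (it is not code from the book): the AP relays the EAP messages and opens the controlled port only on a RADIUS-Access-Accept. The class names, the `USERS` store, the HMAC-SHA256 credential proof and the `EAP-Failure` branch on rejection are assumptions; the page names no EAP method, and the simulation assumes the Access-Request carries the identity the supplicant returned.

```python
import hashlib, hmac, os

USERS = {"alice": b"correct horse"}  # constructed credential store (assumption)

def proof(secret, challenge):
    # Assumed credential check (HMAC-SHA256); the page names no EAP method.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class RadiusServer:
    def __init__(self):
        self.pending = {}  # identity -> outstanding challenge

    def access_request(self, identity, response=None):
        if response is None:  # identity only: answer with a challenge
            self.pending[identity] = os.urandom(16)
            return "Access-Challenge", self.pending[identity]
        challenge = self.pending.pop(identity, None)  # each challenge is single use
        secret = USERS.get(identity)
        if challenge is None or secret is None:
            return "Access-Reject", None
        ok = hmac.compare_digest(proof(secret, challenge), response)
        return ("Access-Accept" if ok else "Access-Reject"), None

class Supplicant:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

class AccessPoint:
    """Authenticator: relays EAP on the uncontrolled port, gates the controlled port."""
    def __init__(self, radius):
        self.radius, self.authorized, self.trace = radius, False, []

    def authenticate(self, sup):
        self.authorized = False  # a new exchange starts with access blocked
        self.trace += ["EAP-Request/Identity", "EAP-Response/Identity",
                       "RADIUS-Access-Request"]
        verdict, challenge = self.radius.access_request(sup.identity)
        self.trace += ["RADIUS-" + verdict, "EAP-Request", "EAP-Response",
                       "RADIUS-Access-Request"]
        verdict, _ = self.radius.access_request(
            sup.identity, proof(sup.secret, challenge))
        self.authorized = verdict == "Access-Accept"
        self.trace += ["RADIUS-" + verdict,
                       "EAP-Success" if self.authorized else "EAP-Failure"]
        return self.authorized

    def forward(self, frame):
        # Controlled port: data frames are dropped until Access-Accept arrives.
        return frame if self.authorized else None
```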
www.syngress.com