2. Terms:
Supplicant - The User or Client to be
authenticated
Radius Server – The Server doing the
authentication
Authenticator – The device between the
Supplicant & the Radius Server
EAPOL – (Extensible Authentication
Protocol Over LANs)
3. How it Works:
The Authenticator sends an EAP request
packet to the Supplicant.
The Supplicant sends an EAP packet to
the Authenticator.
The Authenticator sends a packet to the
Radius Server.
The Radius Server challenges the
Authenticator with a token or password.
4. How it Works: continued…
The Authenticator changes it from the IP
to EAPOL.
The Supplicant responds to the challenge
and passes it to the Authentication Server.
If there’s a successful challenge, then the
Authentication Server responds with a
success message allowing access to the
LAN.
6. Key Aspects:
Supplicant = End station software
Authenticator = Wired switch or SSID
AuthenticationServer = Ensures certificate
or passwords are correct
7. Benefits:
IEEE
Standard 98% of all switches support
802.1x
Good authentication
‘Pre-connect’ enforcement of access
policies
8. Drawbacks:
Incompatibilities with certain switches
Some security issues
Tough to deploy
Does not have a ‘post-connect’