802.1x

  • network standard for medium access (does not refer to 802.11 only)

  • Port-based access control, a client is authenticated to an AP using authentication server (RADIUS, TACACS+)

  • At the beginning, clients are authenticated to AP, their communication depends on authentication with an EAP server

  • To achieve a complex security it is inevitable to combine 802.1x with:

  • 1. Dynamic (per-session) WEP keys

  • 2. (Per Packet Keying, TKIP, MIC, Broadcast key rotation) = 802.11i

  • 3. Securing on higher layers (SSH, SSL protocols)