Dolphin Peripherals 9500 PDAs & Smartphones User Manual


 
7 - 32 Rev C Dolphin® 9500 Series User’s Guide
How 802.1X Works
The network elements in the above graphics are those involved in a typical wireless LAN. When 802.1X is running, a wireless
device must authenticate itself with the AP in order to get access to the Existing LAN. With respect to the terms used in the 802.1X
standard, APs (APs) function as authenticators and wireless devices function as supplicants. The authenticator keeps a control
port status for each Client it is serving. If a Client has been authenticated, its control port status is said to be Authorized, and the
Client can send application data to the LAN through the AP. Otherwise, the control port status is said to be Unauthorized, and
application data cannot traverse the AP.
Typical Message Exchange Using MD5 or TLS
The above graphic displays the typical message exchange when the device and the AP support 802.1X. When an AP acting as
an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the terminal. In turn,
the terminal responds with its identity, and the AP relays this identity to an authentication server, which is typically an external
RADIUS server.
The RADIUS server can then act as a central repository of user profile information. Such use of a centralized authentication
server allows the user to access wireless LANs at many different points, but still be authenticated against the same server. In
response to the Access-Request, the RADIUS server sends an Access-Challenge to the AP, which is then relayed in the form of
an EAP-Request to the device. The device sends its credentials to the AP, which in turn relays them to the RADIUS server. The
RADIUS server determines whether access to the network is accepted or denied based on the Client's credentials.