Honeywell International Inc. 9500LUP Manuale Utente
7 - 38
Dolphin® 9500 Series Mobile Computer User’s Guide - Preliminary Rev (d) 12/17/04
How 802.1X Works
The network elements in the above graphics are those involved in a typical wireless LAN. When 802.1X is running, a wireless
device must authenticate itself with the access point in order to get access to the Existing LAN. With respect to the terms used
in the 802.1X standard, access points (APs) function as authenticators and wireless devices function as supplicants. The
authenticator keeps a control port status for each Client it is serving. If a Client has been authenticated, its control port status is
said to be Authorized, and the Client can send application data to the LAN through the AP. Otherwise, the control port status is
said to be Unauthorized, and application data cannot traverse the AP.
device must authenticate itself with the access point in order to get access to the Existing LAN. With respect to the terms used
in the 802.1X standard, access points (APs) function as authenticators and wireless devices function as supplicants. The
authenticator keeps a control port status for each Client it is serving. If a Client has been authenticated, its control port status is
said to be Authorized, and the Client can send application data to the LAN through the AP. Otherwise, the control port status is
said to be Unauthorized, and application data cannot traverse the AP.
Typical Message Exchange Using MD5 or TLS
The above graphic displays the typical message exchange when the device and the AP support 802.1X. When an AP acting as
an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the terminal. In turn,
the terminal responds with its identity, and the AP relays this identity to an authentication server, which is typically an external
RADIUS server.
an authenticator detects a wireless station on the LAN, it sends an EAP-Request for the user's identity to the terminal. In turn,
the terminal responds with its identity, and the AP relays this identity to an authentication server, which is typically an external
RADIUS server.
The RADIUS server can then act as a central repository of user profile information. Such use of a centralized authentication
server allows the user to access wireless LANs at many different points, but still be authenticated against the same server. In
response to the Access-Request, the RADIUS server sends an Access-Challenge to the AP, which is then relayed in the form of
an EAP-Request to the device. The device sends its credentials to the AP, which in turn relays them to the RADIUS server. The
RADIUS server determines whether access to the network is accepted or denied based on the Client's credentials.
server allows the user to access wireless LANs at many different points, but still be authenticated against the same server. In
response to the Access-Request, the RADIUS server sends an Access-Challenge to the AP, which is then relayed in the form of
an EAP-Request to the device. The device sends its credentials to the AP, which in turn relays them to the RADIUS server. The
RADIUS server determines whether access to the network is accepted or denied based on the Client's credentials.