Pre-Authentication with 802.1X

Presentation transcript:

Pre-Authentication with 802.1X
doc.: IEEE 802.11-02/147, March 2002
D. Halasz, Cisco; K. Amann, SpectraLink

Relationship Between State Variables and Services

Class 1 frames do include data frames
Class 1 frames (permitted from within States 1, 2 and 3):
Data frames: Data frames with FC control bits "To DS" and "From DS" both false.

IEEE 802.1X packets from the supplicant go to the authenticator
From IEEE 802.1X: "… This encapsulated form of EAP, known as EAP over LANs, or EAPOL, is used for all communication between the Supplicant PAE and the Authenticator PAE. The Authenticator PAE can then re-package the EAP protocol for onward transmission to the Authentication Server, if the server function is not co-located…."

Infrastructure state information is not affected by the pre-authentication
Since the authenticator sends the data to the authentication server, switches will not get confused.

Supplicants can 802.1X authenticate before 802.11 association
A supplicant can be associated and then perform multiple 802.1X authentications to different APs. The supplicant can then do a make-before-break.
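The frame-level rule the slides rely on, as an added example that is not part of the original presentation: a wireless sensor can tell EAPOL sent in a Class 1 data frame ("To DS" and "From DS" both false) from EAPOL sent by an associated station. It assumes the input is a bare 802.11 MAC frame (no radiotap header, no FCS); the function names and the MAC addresses in the sample frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                  # EtherType assigned to EAPOL (IEEE 802.1X)
LLC_SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP header that precedes the EtherType

def classify(frame: bytes) -> dict:
    """Classify one 802.11 MAC frame (no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than a 3-address 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    is_data = ftype == 2
    info = {"is_data": is_data, "to_ds": to_ds, "from_ds": from_ds,
            # The slide's rule: data frame with To DS and From DS both false.
            "class1_data": is_data and not to_ds and not from_ds,
            "eapol": False}
    if not is_data or fc1 & 0x40:         # Protected bit set: body is ciphertext
        return info
    # Address 4 exists only when both DS bits are set; QoS subtypes add 2 bytes.
    hdr = 24 + (6 if to_ds and from_ds else 0) + (2 if subtype & 0x8 else 0)
    body = frame[hdr:]
    if len(body) >= 8 and body[:6] == LLC_SNAP:
        info["eapol"] = struct.unpack(">H", body[6:8])[0] == EAPOL_ETHERTYPE
    return info

def is_preassociation_eapol(frame: bytes) -> bool:
    """True for EAPOL carried in a Class 1 data frame (legal in States 1-3)."""
    info = classify(frame)
    return info["class1_data"] and info["eapol"]

def build_data_frame(to_ds: bool, from_ds: bool, ethertype: int, payload: bytes) -> bytes:
    """Construct a sample data frame; the MAC addresses are made up."""
    fc = bytes([0x08, (1 if to_ds else 0) | (2 if from_ds else 0)])  # type 2, subtype 0
    addrs = bytes.fromhex("020000000001" "020000000002" "020000000001")
    addr4 = bytes.fromhex("020000000003") if to_ds and from_ds else b""
    return (fc + b"\x00\x00" + addrs + b"\x00\x00" + addr4
            + LLC_SNAP + struct.pack(">H", ethertype) + payload)

EAPOL_START = bytes.fromhex("01010000")   # version 1, type 1 (Start), length 0
PREAUTH = build_data_frame(False, False, EAPOL_ETHERTYPE, EAPOL_START)
ASSOCIATED = build_data_frame(True, False, EAPOL_ETHERTYPE, EAPOL_START)

if __name__ == "__main__":
    for name, f in (("pre-auth", PREAUTH), ("associated", ASSOCIATED)):
        print(name, classify(f), is_preassociation_eapol(f))
```

Data frames inside an ad hoc (IBSS) network also carry both DS bits false, so a sensor using this check should scope it to infrastructure BSSIDs it knows about.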