© UNIVERSITY of NEW HAMPSHIRE INTEROPERABILITY LABORATORY UNH InterOperability Laboratory Bridge Functions Consortium 802.1X Port-Based Network Access.
© UNIVERSITY of NEW HAMPSHIRE INTEROPERABILITY LABORATORY UNH InterOperability Laboratory Bridge Functions Consortium 802.1X Port-Based Network Access Control

Introduction

802.1X is a method to authenticate a new connection on a LAN. The Port-Based Authentication Protocol works with three parts:
–Supplicant
–Authenticator
–Authentication Server

Terms and Definitions

Authenticator - An entity at one end of a point-to-point LAN segment that facilitates authentication of the entity attached to the other end of that link.

Authentication Server - An entity that provides an authentication service to an Authenticator. This service determines, from the credentials provided by the Supplicant, whether the Supplicant is authorized to access the services provided by the system in which the Authenticator resides.
–Usually a Remote Authentication Dial In User Service (RADIUS) Server

Supplicant - An entity at one end of a point-to-point LAN segment that seeks to be authenticated by an Authenticator attached to the other end of that link.

How It Works - 1

The Supplicant supplies credentials to the Authenticator.
The Supplicant does not have access to the active network at this point. It can only communicate with the Authenticator.

How It Works - 2

Since the Authenticator has access to the Authentication Server, it forwards the credentials to the server over an encrypted connection.

How It Works - 3

If the credentials match what is stored in the Authentication Server's database, the Supplicant is allowed to connect to the LAN.
If the credentials do not match what is stored in the Authentication Server's database, the Supplicant is denied access to the LAN on all but the Physical Layer.

Supplicant

The Supplicant is a software program that runs on the operating system of the computer that is trying to connect to the LAN. What the Supplicant supplies depends on the authentication method being used. The currently tested authentication protocols are:
–MD5-Challenge: a Username, Password, and Domain are supplied.
–PEAP: a Username, Password, Domain, and certificate are supplied.
–TTLS: a Username, Password, Domain, and an Anonymous Username are supplied.
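The three-step exchange from the "How It Works" slides and the MD5-Challenge method named on the Supplicant slide, as an added example that is not part of the original UNH-IOL presentation. It models the three parties in Python: a Supplicant that answers EAP Identity and MD5-Challenge requests, an Authenticator whose controlled port starts Unauthorized and lets only EAPOL frames (EtherType 0x888E) through until the server accepts, and an Authentication Server holding the credential database. The MD5-Challenge value is computed as in RFC 3748 section 5.4 (the CHAP construction from RFC 1994): MD5(identifier || password || challenge). The class and function names, the username "alice" and the passwords are constructed for the example.

```python
"""Toy 802.1X / EAP-MD5-Challenge exchange (added example, not UNH-IOL code)."""
import hashlib
import hmac
import os

ETHERTYPE_EAPOL = 0x888E   # EAPOL frames cross an unauthorized controlled port
ETHERTYPE_IPV4 = 0x0800    # anything else is dropped until the port is authorized
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5 = 1, 4


def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-style response value: MD5(id || secret || challenge) (RFC 3748 5.4)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class Supplicant:
    """Runs on the connecting host; only ever talks EAP to the Authenticator."""

    def __init__(self, username: str, password: bytes):
        self.username, self.password = username, password

    def respond(self, request: dict) -> dict:
        if request["type"] == EAP_TYPE_IDENTITY:
            data = self.username.encode()
        else:  # MD5-Challenge: data = value_size || challenge
            size = request["data"][0]
            challenge = request["data"][1:1 + size]
            value = md5_challenge_response(request["id"], self.password, challenge)
            data = bytes([len(value)]) + value + self.username.encode()  # Name follows Value
        return {"code": EAP_RESPONSE, "id": request["id"], "type": request["type"], "data": data}


class AuthenticationServer:
    """Holds the username/password database (constructed sample data)."""

    def __init__(self, users: dict):
        self.users = users
        self.pending = {}  # EAP identifier -> (username, challenge)

    def start(self, identifier: int, username: str) -> bytes:
        challenge = os.urandom(16)  # fresh per attempt, so responses cannot be replayed
        self.pending[identifier] = (username, challenge)
        return challenge

    def check(self, identifier: int, value: bytes) -> bool:
        username, challenge = self.pending.pop(identifier)
        password = self.users.get(username)
        if password is None:
            return False
        expected = md5_challenge_response(identifier, password, challenge)
        return hmac.compare_digest(expected, value)


class Authenticator:
    """The switch port: relays EAP to the server and gates traffic on the result."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.port_authorized = False
        self.next_id = 1
        self.last_result = None

    def forward(self, ethertype: int) -> str:
        """Controlled-port filter: EAPOL goes to the port's PAE, the rest needs authorization."""
        if ethertype == ETHERTYPE_EAPOL:
            return "to_pae"
        return "forwarded" if self.port_authorized else "dropped"

    def authenticate(self, supplicant: Supplicant) -> bool:
        ident = self.next_id
        self.next_id += 2
        # Step 1: ask who is there, then ask the server for a challenge for that identity.
        identity = supplicant.respond({"code": EAP_REQUEST, "id": ident, "type": EAP_TYPE_IDENTITY, "data": b""})
        username = identity["data"].decode(errors="replace")
        ident += 1
        challenge = self.server.start(ident, username)
        # Step 2: relay the MD5-Challenge; the Authenticator never sees the password itself.
        resp = supplicant.respond({"code": EAP_REQUEST, "id": ident, "type": EAP_TYPE_MD5,
                                   "data": bytes([len(challenge)]) + challenge})
        ok = (resp["code"] == EAP_RESPONSE and resp["type"] == EAP_TYPE_MD5 and resp["id"] == ident)
        if ok:
            size = resp["data"][0]
            ok = self.server.check(ident, resp["data"][1:1 + size])
        else:
            self.server.pending.pop(ident, None)
        # Step 3: the server's verdict decides the port state.
        self.port_authorized = ok
        self.last_result = EAP_SUCCESS if ok else EAP_FAILURE
        return ok


if __name__ == "__main__":
    srv = AuthenticationServer({"alice": b"correct horse battery"})
    port = Authenticator(srv)
    print("IPv4 before auth:", port.forward(ETHERTYPE_IPV4))
    print("authenticated:", port.authenticate(Supplicant("alice", b"correct horse battery")))
    print("IPv4 after auth:", port.forward(ETHERTYPE_IPV4))
```

The point to take from the model is the division of knowledge: the Supplicant sees only the challenge, the Authenticator sees neither password nor expected value and simply relays EAP and applies the verdict, and only the Authentication Server holds the credential. MD5-Challenge itself offers no protection for the identity or against an attacker who can observe the exchange and guess passwords offline, which is why the tunneled methods on the same slide (PEAP, TTLS) wrap the inner credential exchange in TLS.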

Authenticator

The Authenticator is normally a switch equipped with the 802.1X protocols and the capability to talk to a RADIUS Server. The Authenticator has the IP address of the RADIUS Server in it as well as a Shared Secret between it and the Server. The Shared Secret allows it to tell the Server that it is in fact an Authenticator that is allowed to talk to it.

The Authenticator also controls which ports support 802.1X.
–Ports in which 802.1X is enabled are called Controlled Ports.
–Ports in which 802.1X is disabled are called Uncontrolled Ports. Uncontrolled Ports do not require any Authentication and may access the LAN immediately.
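What the Shared Secret on this slide does on the wire, as an added example that is not part of the original UNH-IOL presentation. The Python below follows RFC 2865: the Authenticator (RADIUS client) builds an Access-Request with a random Request Authenticator and a User-Password attribute hidden by XOR with MD5(secret || previous block); the server reveals the password with the same secret, checks it, and answers with a Response Authenticator computed over the reply plus the secret; the Authenticator then verifies that value before trusting the Accept. A server that does not hold the secret can neither read the password nor produce a reply that passes the check. Only User-Name and User-Password attributes are encoded; the secret, the username "alice" and the passwords are constructed sample values.

```python
"""RADIUS shared-secret mechanics from RFC 2865 (added example, not UNH-IOL code)."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, c_i = p_i XOR MD5(secret || c_{i-1}), c_0 = RA."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    nblocks = max(1, (len(password) + 15) // 16)
    padded = password.ljust(nblocks * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Server side of hide_password; strips the null padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def decode_attrs(data: bytes):
    """Length-checked TLV walk; a malformed length must not run past the packet."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(secret: bytes, identifier: int, username: str, password: bytes) -> bytes:
    request_auth = os.urandom(16)  # fresh per request; it keys the password hiding
    attrs = encode_attrs([(ATTR_USER_NAME, username.encode()),
                          (ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))])
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs


def build_response(secret: bytes, code: int, identifier: int, request_auth: bytes, attrs: bytes) -> bytes:
    """Response Authenticator = MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs


def server_respond(secret: bytes, users: dict, request: bytes) -> bytes:
    """Authentication Server: reveal the password with the shared secret and check the database."""
    code, identifier, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    username = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    password = reveal_password(secret, request_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    expected = users.get(username)
    ok = code == ACCESS_REQUEST and expected is not None and hmac.compare_digest(expected, password)
    return build_response(secret, ACCESS_ACCEPT if ok else ACCESS_REJECT, identifier, request_auth, b"")


def verify_response(secret: bytes, request: bytes, response: bytes) -> bool:
    """Authenticator side: a reply is only trusted if its Response Authenticator checks out."""
    if len(response) < 20 or response[1] != request[1]:
        return False  # identifier must match the request we sent
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return hmac.compare_digest(expected, response_auth)


if __name__ == "__main__":
    secret, users = b"example-shared-secret", {"alice": b"correct horse battery"}
    req = build_access_request(secret, 7, "alice", b"correct horse battery")
    resp = server_respond(secret, users, req)
    print("code:", resp[0], "verified:", verify_response(secret, req, resp))
```

Note that the hiding is an MD5 stream construction keyed by the secret, not modern encryption, and the Response Authenticator covers only the reply; that is why the usual deployment guidance is a long random secret per Authenticator, a management network for the RADIUS traffic, and, where supported, RADIUS over TLS (RadSec, RFC 6614) rather than bare UDP.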

Authentication Server

The Authentication Server is usually a RADIUS Server. Within the RADIUS Server there is a database of Usernames and Passwords, as well as a Server Certificate. Many RADIUS Servers also have a Certificate Authority Server on them; however, it is not required. The RADIUS Server uses the Authentication Protocol(s) set by the user to be allowed on the LAN (e.g. MD5-Challenge, PEAP, TTLS).

Current Authentication Servers

–Microsoft Windows Server 2003 Standard
–Meetinghouse Aegis Radius Server
–Funk Steel-Belted-Radius Server
–Cisco Secure ACS
–Infoblox RADIUSOne
–FREERADIUS (to be added in the future)

Current Supplicants

–Microsoft Windows Built-in Client (2000/XP)
–Meetinghouse Aegis Client (2000/XP)
–Funk Odyssey Client (2000/XP)
–Xsupplicant (Linux, to be added in the future)

Contact Information

Tyler Marcotte, Curtis Simonson
InterOperability Laboratory
University of New Hampshire
121 Technology Drive Suite 2
Durham, NH
(603) (603) (fax)