Re: simple theoretical 802.1x question


From: Steve (no-address_at_hatespam.com)
Date: 06/21/04

  • Next message: Thomas Kuborn: "Re: simple theoretical 802.1x question"
    Date: Mon, 21 Jun 2004 02:50:35 GMT
    
    

    The switch should have 'opened up' access on a client by client basis. It
    should not open all ports for all clients as soon as one authenticates.
    802.1x is a framework for both authentication and key exchange and so after
    the client is successfully authenticated encryption keys are negotiated with
    that particular client. No other client can have the same keys and would
    therefore not be able to encrypt or decrypt or produce a valid message
    authentication code.

    Correctly functioning APs will authenticate each client independently and
    only allow traffic from individually authenticated clients.

    Steve

    "Maarten" <maarten_ve@nospamhotmail.com> wrote in message
    news:SMeBc.161114$FW2.8299631@phobos.telenet-ops.be...
    > "Steve" <no-address@hatespam.com> wrote in message
    > news:T4dBc.74564$eu.25556@attbi_s02...
    > > Between the AP and client EAP Over LAN (EAPOL) messages are sent with the
    > > addresses used for these messages being the MAC address of the client and
    > > AP. Only after the client is authenticated essentially at layer 2
    > > (ethernet) does the AP 'open up' and allow DHCP, IP, etc.
    > >
    > > see: http://www.javvin.com/protocol8021X.html
    > >
    > > Steve
    > >
    >
    > Yes, thank you for your reply
    > But what if several clients connect? My experience (on the normal switch
    > 3com 4400) was that once a user logged in on a port, other unauthorised
    > users could also use that port together with the authorised user. But of
    > course the authorised user had to log in (and open the port) before the
    > other users could use it as well.
    >
    > So I'm expecting the same with an AP?
    >
    >
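
The per-client keying described in the reply above, as an added example that is not part of the original thread. It goes one step beyond the post by using the 802.11i pairwise key derivation (PRF over HMAC-SHA1), which the post does not spell out; the MAC addresses, PMKs, nonces and function names are all constructed for illustration.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"

def prf(key, label, data, nbytes):
    """802.11i PRF: concatenated HMAC-SHA1(key, label | 0x00 | data | counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Split a 48-byte CCMP PTK into KCK (MIC key), KEK and TK (data key)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}

def mic(kck, frame):
    """HMAC-SHA1-128 message integrity code, keyed with the client's KCK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def mic_ok(kck, frame, tag):
    return hmac.compare_digest(mic(kck, frame), tag)

def constructed(tag):
    """Deterministic 32-byte sample value (constructed, not captured)."""
    return hashlib.sha256(tag).digest()

AP = bytes.fromhex("020000000001")       # constructed, locally administered MACs
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")

# Each 802.1X client ends its own EAP exchange with its own PMK.
KEYS_A = derive_ptk(constructed(b"pmk-a"), AP, STA_A,
                    constructed(b"anonce-a"), constructed(b"snonce-a"))
KEYS_B = derive_ptk(constructed(b"pmk-b"), AP, STA_B,
                    constructed(b"anonce-b"), constructed(b"snonce-b"))

def demo():
    frame = b"constructed frame bytes from client A"
    tag = mic(KEYS_A["kck"], frame)
    return {"a_accepts": mic_ok(KEYS_A["kck"], frame, tag),
            "b_key_accepts": mic_ok(KEYS_B["kck"], frame, tag),
            "same_tk": KEYS_A["tk"] == KEYS_B["tk"]}

if __name__ == "__main__":
    print(demo())
```

Because the client MAC and both nonces feed the derivation, two clients end up with different keys even when they share one PMK, as in pre-shared-key mode.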

