Open authentication – no security or encryption.
With WEP (PSK):
- Client tries to authenticate.
- AP replies with challenge text.
- Client replies with auth string.
- Authentication is approved or rejected by AP.
802.1X – the default state is NO: no access until the client authenticates.
- Client PC providing credentials to be authenticated is the supplicant
- The AP asking for credentials is the authenticator
- The server validating the credentials is the authentication server (ACS, ISE, etc.)
- Protocol used between the authenticator and the authenticating server is RADIUS.
- Provided the supplicant passes authentication, the authenticating server can also send a unique key to be used for encryption between the AP and the client for this wireless session.
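The three 802.1X roles above as a small model, added here as an example and not taken from any vendor's code. It shows the default-deny port state and the per-session key handed out on success. Class names, MAC strings and credentials are constructed, and the EAP and RADIUS message formats are not modelled (the password is passed directly for simplicity).

```python
import hashlib, hmac, secrets

class AuthServer:
    """Authentication server role; the user table is constructed sample data."""
    def __init__(self, users):
        self._db = {}
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self._db[name] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def validate(self, name, password):
        """Return ("accept", session_key) or ("reject", None)."""
        salt, stored = self._db.get(name, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        # On success, issue a fresh random key for this session only.
        return ("accept", secrets.token_bytes(16)) if ok else ("reject", None)

class Authenticator:
    """AP role: relays credentials to the server and gates each client's traffic."""
    def __init__(self, server):
        self._server = server
        self._keys = {}  # client MAC -> session key; absent means unauthorized

    def authenticate(self, mac, name, password):
        verdict, key = self._server.validate(name, password)
        if verdict == "accept":
            self._keys[mac] = key
        else:
            self._keys.pop(mac, None)  # a failed attempt ends any earlier session
        return verdict

    def session_key(self, mac):
        return self._keys.get(mac)

    def forward(self, mac, frame):
        """Default state is NO: frames from unauthenticated clients are dropped."""
        return frame if mac in self._keys else None

def demo():
    ap = Authenticator(AuthServer({"alice": "correct horse"}))
    before = ap.forward("aa:aa", b"data")
    bad = ap.authenticate("bb:bb", "alice", "wrong")
    good = ap.authenticate("aa:aa", "alice", "correct horse")
    return before, bad, good, ap.forward("aa:aa", b"data"), ap.forward("bb:bb", b"data")
```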
EAP – Extensible Authentication Protocol
- LEAP (Lightweight) – AAA server and the client authenticate each other.
- FAST (EAP-Flexible Authentication via Secure Tunneling) – AAA server and the client authenticate each other via a secure tunnel using a PAC (Protected Access Credentials).
- PEAP (Protected EAP) – AAA server uses a digital certificate. Client uses username and password.
- EAP-TLS (Transport Layer Security) –