Interfaces - 802.1x - EAP - 802.11 Key Exchange
-
Upload
lamar-atkinson -
Category
Documents
-
view
15 -
download
0
description
Transcript of Interfaces - 802.1x - EAP - 802.11 Key Exchange
Interfaces -802.1x - EAP - 802.11 Key Exchange
802.1x /EAP
Key Exchange
Port Activate
Authenticate user/AS
Establish session key
Enable controlled port
portStatus = authorized keyAvailable=True
portValid=True
portActive=True
Changes to state machine
• 802.1x authenticated should not depend on port valid - they are orthogonal
• Port valid is set by key exchange or by configuration as before
• New variable - portActive is needed, as well as some way of coordinating the three states.
Additions to state machine
• 802.1x must sequence through portStatus=Authorized, but not through porta valid or portActive
• Activation of port will depend on application - 802.11 may have virtual ports that are authorized and valid but not active– Note that this will require some additional
changes not described here
Result
• Making these changes make 802.1x and key exchange independent
• Easier to plug in different key exchange machines
• Makes some possibilities for fast roaming easier to conceptualize and implement