Introduction

802.1x is a protocol that enables port-based authentication. (Ports, in this context are defined at Layer 1; i.e., a physical port on a switch, as opposed to a Layer 4 TCP port; i.e., Port 80 on a Web server). Although not originally designed for wireless networks, 802.1x can be used to greatly enhance security in an 802.11 environment and can be used if you are trying to lock down the physical ports in your wired network. What happens if an intruder can gain physical access to your building and plug a laptop into an open RJ45 plug? If you have DHCP enabled, the intruder is handed an IP address and away he goes, trampling across your network! 802.1x is kind of like a traffic cop for the RJ-45 plug. In a wireless context, you can just think of each wireless client as a virtual RJ-45 connection. 802.1x blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on a back-end server (typically RADIUS).

In this chapter, we will walk you through the 802.1x process and explain how it works in a wireless context. Next, we will cover the specific 802.1x components and Extensible Authentication Protocol (EAP) types and explain how they can be used to enhance your security posture.