WLAN validating identity
An access point or wireless switch would be the authenticator, blocking access via virtual ports. Although the supplicant, authenticator, and authentication server work together to provide the framework for 802.1X port-based access control, an authentication protocol is needed to actually perform the authentication process.
Extensible Authentication Protocol (EAP) is used to provide user authentication.
This dynamic session key is often referred to as the unicast key because it is the dynamically generated key that is used to encrypt and decrypt all unicast data frames.
After the key is created, the AS delivers its copy of the unicast key to the access point.
EAP is a flexible layer 2 authentication protocol that resides under Point-to-Point Protocol (PPP).
The supplicant and the authentication server communicate with each other using the EAP protocol.
The access point and the client station now both have unique unicast keys that can be used.
Once the AS has verified the credentials of the supplicant, the server sends a message to the authenticator that the supplicant has been authenticated and the authenticator is now authorized to open the virtual controlled port, allowing all other traffic to pass through.
A side benefit of EAP protocols that utilize mutual authentication is the generation and distribution of dynamic encryption keys.
Until now, you have learned only about static or preshared WEP keys.
This newfound information is used as seeding material or keying material to generate a matching dynamic encryption key for both the supplicant and the authentication server.
These dynamic keys are generated per session per user, meaning that every time a client station authenticates, a new key is generated and every user has a unique and separate key.