Clarification needed in one of the Security Architecture question in Sybex.
Last Post: April 17, 2012:
-
In N/w Security Architecture chapter of Sybex CWNA book I came across the below question.
For an 802.1X/EAP solution to work properly, which two components must both support same type of EAP?
[b]A. Supplicant[/b]
B. Authorizer
C. Authenticator
[b]D. Authentication Server[/b].Solution: A, D
The AS & Authenticator communicates through RADIUS not EAPoL. My question is whether the Authenticator will encapsulate the entire EAP packet got from Supplicant inside RADIUS or It decrypts the EAP and send values to AS through RADIUS.
Need some assistance in this. Thanks in Advance.
-
Basically, it just needs to be wrapped up in something to traverse a layer 3 network. The EAP part has no IP addressing, so the authenticator turns it into a RADIUS packet and sends it through the network to the authentication server.
The authenticator is just the middle man, and will see EAP and pass it through, no matter what type it is. Hence, the authentication server and supplicant must both have the same EAP type.
-
Thanks Spice_Boy for the quick response. That clarified lot of things in my mind :)
"The authenticator is a translator between the supplicant and the authentication server. As the supplicant and authentication server converse, all communications flow through the authenticator. The authenticator sends the EAP-Method data encapsulated in a RADIUS frame directly to the authentication server. Thus, the conversation between the supplicant and the authentication server is based on a common Language."
-
To be technical, it's a RADIUS packet, not frame, but yes, you are correct.
- 1