please do not misunderstand me. there is nothing bad about confusing the (terrible) abbreviations and standard names in the communications. i just wanted to know if there is one more thing that i totally missed and definitely should know about :)
i don't expect people to research everything before asking. (if we did that, there would be hardly any such thing as a user news group).

Jason Lixfeld wrote:
> Interesting. I thought that there was a standard in the process of
> being ratified where some of the Cisco LEAP extensions were going to be
> built into an 802.11 security extension which I thought was X. I didn't
> research it, rather I took the word from the guy who told me as gospel.
> I either misunderstood or he doesn't know what he's talking about. I'd
> like to think the former is more likely than the latter.

just in case you didn't know that, or for general information: 802.1X is the standard of port based access control to the 802 networks. i.e. basically you have an access device which blocks every link layer frame except if it carries an EAP message in it. so, the protocol also describes how to carry EAP (which is originally designed to be carried in the PPP messages, just like CHAP or PAP) directly in the 802 frames. they call it EAPoL (over LAN) or EAPoW (over Wireless).

so, the access device (e.g. an access point, AP) accepts the EAP frames and, depending on their information, it acts in some way. IEEE explicitly states that an AP could directly respond to those messages according to the carried type etc. but they suggest of course to use some centralized architecture. notably they explicitly describe the usage with RADIUS. and so, most APs accept EAP on one side and translate it into RADIUS at the other and vice versa.

now EAP itself can carry whichever information. the EAP-methods on both sides of the connection take the appropriate actions and the AP (if it is not the method carrier itself) is finally informed by the RADIUS-access accept message. if it gets this message, it opens the controlled port completely, thus accepting whichever arriving frames. otherwise the port remains in the controlled state, i.e. only EAP messages are treated.
LEAP could probably be seen as a special EAP type. but i think there are some more differences in it, notably because the APs AND the Server are concerned at the same time. that would never be the case in 802.1X.

ciao
artur

--
Artur Hecker                  Groupe Accès et Mobilité
hecker[at]enst[dot]fr         Département Informatique et Réseaux
+33 1 45 81 7507              46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr     ENST Paris
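
Added example, not part of the original message and not code from any access point or from FreeRADIUS: a small Python model of the port behaviour described above, where only EAPOL frames are treated until a RADIUS Access-Accept arrives. The class, function names and sample frames are assumptions constructed for illustration; the handling of EAPOL-Start and EAPOL-Logoff goes slightly beyond what the message describes.

```python
import struct

ETH_P_EAPOL = 0x888E                      # EtherType of EAPOL frames
EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types
RADIUS_ACCESS_ACCEPT = 2                  # RADIUS packet code

class AuthenticatorPort:
    """Hypothetical model of one 802.1X port on an access device."""
    def __init__(self):
        self.authorized = False           # port starts in the controlled state

    def on_frame(self, frame: bytes) -> str:
        if len(frame) < 14:
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_P_EAPOL:      # ordinary traffic: only after Access-Accept
            return "forward" if self.authorized else "drop"
        if len(frame) < 18:
            return "drop"
        _version, ptype, length = struct.unpack("!BBH", frame[14:18])
        if len(frame) - 18 < length:      # body shorter than the header claims
            return "drop"
        if ptype == EAP_PACKET:           # EAP is passed on inside RADIUS
            return "relay-to-radius"
        if ptype == EAPOL_START:
            return "send-identity-request"
        if ptype == EAPOL_LOGOFF:         # supplicant leaves: close the port again
            self.authorized = False
            return "logoff"
        return "drop"

    def on_radius(self, code: int) -> None:
        self.authorized = (code == RADIUS_ACCESS_ACCEPT)

def eth(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample frame (PAE group address as destination)."""
    dst, src = bytes.fromhex("0180c2000003"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

def demo() -> list:
    identity = b"alice"                   # constructed user name
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity  # Response/Identity
    eapol = struct.pack("!BBH", 1, EAP_PACKET, len(eap)) + eap
    data = eth(0x0800, b"\x00" * 20)      # stand-in for any non-EAPOL frame
    port, seen = AuthenticatorPort(), []
    seen.append(port.on_frame(data))                  # before authentication
    seen.append(port.on_frame(eth(ETH_P_EAPOL, eapol)))
    port.on_radius(RADIUS_ACCESS_ACCEPT)              # server accepted the user
    seen.append(port.on_frame(data))
    seen.append(port.on_frame(eth(ETH_P_EAPOL, struct.pack("!BBH", 1, EAPOL_LOGOFF, 0))))
    seen.append(port.on_frame(data))
    return seen
```

A real authenticator also wraps the relayed EAP packet in RADIUS attributes and runs timers and reauthentication, which this model leaves out.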
