
P11 IEEE - 802 en Slides

The document discusses IEEE 802 standards for local and metropolitan area networks. It describes the basic architecture of IEEE 802 networks including the media access control (MAC) and logical link control (LLC) layers. It then provides details on several specific IEEE 802 standards including 802.1x port-based network access control, the Extensible Authentication Protocol (EAP), and the EAP over LAN (EAPOL) protocol used to carry EAP packets over IEEE 802 networks.

1

  IEEE802 family
  Working group IEEE802.1

  Connecting to IEEE802.1x network

2
  Family of IEEE standards dealing with local area networks (LAN) and metropolitan area networks (MAN)
  Work is done in working groups
  More on URL: http://www.ieee802.org/
  Challenge: Go to the website and review the contents.

3
  Basic architecture:
    bottom: media access control (MAC)
    top: logical link layer (LLC)
  Separate access to the medium and addressing -> transfer of frames
4
  Uniform frame addressing space
  The (local) network has to know how to correctly send frames

5
  IEEE 802.1 Bridging (networking) and Network Management
  IEEE 802.2 Logical Link Control – LLC
  IEEE 802.3 Ethernet
  IEEE 802.4 Token bus
  IEEE 802.5 Defines the MAC layer for a Token Ring
  IEEE 802.6 MANs
  IEEE 802.7 Broadband LAN using Coaxial Cable
  IEEE 802.8 Fiber Optic TAG
  IEEE 802.9 Integrated Services LAN
  IEEE 802.10 Interoperable LAN Security

6
  IEEE 802.11 Wireless LAN (WLAN) & Mesh (Wi-Fi certification)
  IEEE 802.12 demand priority
  IEEE 802.13 Used for 100BASE-X Ethernet
  IEEE 802.14 Cable modems
  IEEE 802.15 Wireless PAN (Bluetooth, ...)
  IEEE 802.16 Broadband Wireless Access (WiMAX certification)
  IEEE 802.17 Resilient packet ring
  IEEE 802.18 Radio Regulatory TAG
  IEEE 802.19 Coexistence TAG
  IEEE 802.20 Mobile Broadband Wireless Access
  IEEE 802.21 Media Independent Handoff
  IEEE 802.22 Wireless Regional Area Network
  IEEE 802.23 Emergency Services Working Group (March 2010)

7
  Bridging (networking) and Network Management
  Connecting between sub-networks
  Network management (for example: smallest spanning tree)
  Network security
  Working on top of LLC
  More on URL: http://www.ieee802.org/1/
  Challenge: Go to the website and review the contents.

8
  802.1b: LAN/MAN management (removed)
  802.1d: bridges on MAC layer
  802.1e – 802.1g: removed
  802.1h: Ethernet MAC bridges
  802.1q: virtual LAN (VLAN)
  802.1x: network access control (Port Based Network Access Control)

9
  802.1ab: stations, access control of the medium and connectivity searching
  802.1ae: security on MAC layer
  802.1ar: safe unit identification
  802.1as: time synchronization and time-sensitive applications in networks with bridges
  802.1ax: link aggregation
  802.1ba: audio/video systems with bridges

10
  Network access is a service that enables the use of other services
    Web access, ...
  More on URL: http://www.ieee802.org/1/pages/802.1x-2004.html
  Challenge: Go to the website and review the contents.

11
  Network access is a service that enables the use of other services
    Web access, ...
  Use of a service can be free or controlled
  For controlled use of a service we need to:
    find out who the potential user is; and
    whether he has permission to use the service.
  Authentication and authorisation (logging also somewhere)
  Task: somehow insert AAA into establishing the connection to the network

12
  There are three building blocks:
    supplicant
    authenticator
    authentication server
  The supplicant signs in to the authenticator, which checks his identity with the authentication server and whether he is authorised to access the network
  Task: embed EAP on the data link layer
  Challenge: How(!) does the authenticator really enable network access for the supplicant?

  [Figure: supplicant <- EAP -> authenticator <- RADIUS -> authentication server]

13
  The IEEE 802.1x standard defines EAP on the data link layer – EAP over LAN -> EAPOL
  Later, EAPOL was also used in other IEEE 802.1x working groups:
    802.1ae: security on MAC layer
    802.1ar: safe identification of units
  EAPOL is defined so that its content is sent directly in Ethernet frames with the type value 0x888E:
    Preamble (7 bytes)
    Start Frame Delimiter (1 byte)
    Dest. MAC Address (6 bytes)
    Source MAC Address (6 bytes)
    Length / Type (2 bytes)
    MAC Client Data (0-n bytes)
    Pad (0-p bytes)
    Frame Check Sequence (4 bytes)

14
  Defined in RFC 3748
  Support for different authentication protocols
  Lock-step protocol

15
  Initialization: when the authenticator (usually also a switch, WLAN access point, etc.) detects a new supplicant, it allows him only IEEE 802.1x communication
  From here on the EAP protocol starts

  [Figure: supplicant <- EAP -> authenticator <- RADIUS -> authentication server]

16
  Invitation: the authenticator (periodically) sends the supplicant an invitation to introduce himself
  The supplicant introduces himself to the authenticator, which sends the introduction to the authentication server (RADIUS)
  The authenticator is now just an intermediary for the authentication server – the authentication server is the one that actually performs the authentication
  Trust!! between authenticator and authentication server
  Challenge: How to program that trust?

  [Figure: supplicant <- EAP -> authenticator <- RADIUS -> authentication server]

17
  Negotiation: is performed between supplicant and authenticator in accordance with the EAP protocol
    which authentication protocol,
    challenge and response, ...

  [Figure: supplicant <- EAP -> authenticator <- RADIUS -> authentication server]

18
  Authentication: the supplicant authentication itself
  When the server authenticates the supplicant, the authenticator grants him access to the local network

  [Figure: supplicant <- EAP -> authenticator <- RADIUS -> authentication server]
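
The sequence of slides 15 to 18 seen from the authenticator's port, as an added example that is not part of the original slides: a simplified model (not the state machines of the IEEE 802.1x standard) in which only frames with type 0x888E pass until the authentication server reports EAP Success. The class, function names and frames are constructed for illustration.

```python
ETH_P_PAE = 0x888E                      # type value of EAPOL frames
EAP_SUCCESS, EAP_FAILURE = 3, 4         # EAP Code values (RFC 3748)
EAPOL_LOGOFF = 2                        # EAPOL packet type


class AuthenticatorPort:
    """Simplified model of one switch port guarded by IEEE 802.1x."""

    def __init__(self):
        self.authorized = False         # a new supplicant starts unauthorized

    def from_supplicant(self, frame: bytes) -> str:
        """Decide what to do with a frame received from the supplicant."""
        if len(frame) < 14:
            return "drop"
        ethertype = int.from_bytes(frame[12:14], "big")
        if ethertype == ETH_P_PAE:
            if len(frame) >= 16 and frame[15] == EAPOL_LOGOFF:
                self.authorized = False
                return "logoff"
            return "relay-to-server"    # EAP is passed on to the authentication server
        return "forward" if self.authorized else "drop"

    def from_server(self, eap_code: int) -> None:
        """Apply the authentication server's verdict to the port."""
        if eap_code == EAP_SUCCESS:
            self.authorized = True
        elif eap_code == EAP_FAILURE:
            self.authorized = False


def eth(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed test frame with fixed dummy addresses."""
    return bytes(6) + bytes.fromhex("020000000001") + ethertype.to_bytes(2, "big") + payload


def replay() -> list:
    """Run a constructed session through the port and record each decision."""
    port, ipv4 = AuthenticatorPort(), eth(0x0800, b"data")
    log = [port.from_supplicant(ipv4)]                                     # before auth
    log.append(port.from_supplicant(eth(ETH_P_PAE, b"\x01\x00\x00\x00")))  # EAP-Packet
    port.from_server(EAP_SUCCESS)
    log.append(port.from_supplicant(ipv4))                                 # after Success
    log.append(port.from_supplicant(eth(ETH_P_PAE, b"\x01\x02\x00\x00")))  # EAPOL-Logoff
    log.append(port.from_supplicant(ipv4))
    return log
```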

19
  Federations: authentication servers that trust each other
  A user of any server can authenticate himself at any authenticator in the federation
  Challenge: Where is the asymmetric cryptography that EDUROAM uses in its authentication protocol? Whom do we use it to authenticate? Answer in the forum for extra points.

20
Thank you for your attention
and
good luck!
