Access RADIUS Client Point Server Network Certificate 802.11 Associatio EAP-TLS Sessic Wireless Client authenticates RADIUS Serve RADIUS server sends its Certificate) TLS RADIUS Server authenticates Wireless Client encry ption (Wireless Client sends its Certificate) Denied ves WEP key Access Point sends WEP key to Wireless Client WEP encrypted traffic Decrypted traffic passed to network Figure 7: 802.1x EAP-TLS authentication 802. 1x EAP-TLs operation with the eas in Controller Mode is shown in figure 8. The wireless client has its digital certificate pre-installed, as does the EAs. the wireless client communicates with the EAs via the AP. All three components(wireless client, AP and EAs) support the 802.1x EAP-TLS process. The wireless client can use Windows XP(which has built-in support for 802. 1x EAP-TLs)or can also be used with the EAS configured in Gateway Mode sing t U). once authenticated the user's Wired-side Wireless-side Server Certificate Corpor Switched or Router Access server Firewall and/or VPN serve Client Certificate 802.11 WLAN Client Access Point Figure 8: 802.1x EAP-TLS operation in Controller Mode WWP-001 Copyright@ 2002-2003 Madge Limited. All rights reserved 6RADIUS Server authenticates Wireless Client (Wireless Client sends its Certificate) 802.11 Association Wireless Client authenticates RADIUS Server (RADIUS server sends its Certificate) WEP encrypted traffic Decrypted traffic passed to network Access Point Wireless Client RADIUS Server Network Network access denied WEP encryption TLS negotiated encryption Network Access Denied Server Certificate Client Certificate Access Point sends WEP key to Wireless Client Access Point derives WEP key EAP-TLS Session Figure 7: 802.1x EAP-TLS authentication 802.1x EAP-TLS operation with the EAS in Controller Mode is shown in figure 8. The wireless client has its digital certificate pre-installed, as does the EAS. The wireless client communicates with the EAS via the AP. All three components (wireless client, AP and EAS) support the 802.1x EAP-TLS process. The wireless client can use Windows XP (which has built-in support for 802.1x EAP-TLS) or Windows 98/Me/2000 by using the Madge Wireless LAN Utility (WLU). Once authenticated the user’s data is routed directly to the corporate intranet without passing through the SWAS. 802.1x EAP-TLS can also be used with the EAS configured in Gateway Mode. Wired-side Wireless-side Switched or Routed Network Corporate Intranet Firewall and/or VPN server (optional) 802.11 Access Point Enterprise Access Server WLAN Client Client Certificate 802.1x Authentication Server Certificate Figure 8: 802.1x EAP-TLS operation in Controller Mode WWP-001 Copyright © 2002-2003 Madge Limited. All rights reserved. Page 6