
5.4. Configuring Connection Settings

5.4.1. Configuring 802.1x Security

802.1x security is the name of the IEEE standard for port-based Network Access Control (PNAC). Simply put, 802.1x security is a way of defining a logical network out of a physical one. All clients who want to join the logical network must authenticate with the server (a router, for example) using the correct 802.1x authentication method.
802.1x security is most often associated with securing wireless networks (WLANs), but can also be used to prevent intruders with physical access to the network (LAN) from gaining entry. In the past, DHCP servers were configured not to lease IP addresses to unauthorized users, but for various reasons this practice is both impractical and insecure, and thus is no longer recommended. Instead, 802.1x security is used to ensure a logically secure network through port-based authentication.
802.1x provides a framework for WLAN and LAN access control and serves as an envelope for carrying one of the Extensible Authentication Protocol (EAP) types. An EAP type is a protocol that defines how WLAN security is achieved on the network.
You can configure 802.1x security for a wired or wireless connection type by opening the Network Connections window (refer to Section 5.2.2, “Configuring New and Editing Existing Connections”) and following the applicable procedure:
Procedure 5.3. For a wired connection...
  1. Select the Wired tab.
  2. Either click on Add to add a new network connection for which you want to configure 802.1x security, or select an existing connection and click Edit.
  3. Then select the 802.1x Security tab and check the Use 802.1x security for this connection checkbox to enable settings configuration.
  4. Proceed to
Procedure 5.4. For a wireless connection...
  1. Select the Wireless tab.
  2. Either click on Add to add a new network connection for which you want to configure 802.1x security, or select an existing connection and click Edit.
  3. Then click the Security dropdown and choose one of the following security methods: LEAP, Dynamic WEP (802.1x), or WPA & WPA2 Enterprise.
  4. Refer to for descriptions of which EAP types correspond to your selection in the Security dropdown.

5.4.1.1. Configuring TLS (Transport Level Security) Settings

With Transport Level Security, the client and server mutually authenticate using the TLS protocol. The server demonstrates that it holds a digital certificate, the client proves its own identity using its client-side certificate, and key information is exchanged. Once authentication is complete, the TLS tunnel is no longer used. Instead, the client and server use the exchanged keys to encrypt data using AES, TKIP or WEP.
The fact that certificates must be distributed to all clients who want to authenticate means that the EAP-TLS authentication method is very strong, but also more complicated to set up. Using TLS security requires the overhead of a public key infrastructure (PKI) to manage certificates. The benefit to TLS security is that a compromised password does not allow access to the (W)LAN: an intruder must also have access to the authenticating client's private key.
Identity
User certificate
CA certificate
Private key
Private key password

5.4.1.2. Configuring Tunneled TLS Settings

Anonymous identity
CA certificate
Inner authentication
PAP
MSCHAP
MSCHAPv2
CHAP
Username
Password

5.4.1.3. Configuring Protected EAP (PEAP) Settings

Anonymous Identity
CA certificate
PEAP version
Inner authentication
MSCHAPv2
MD5
GTC
Username
Password
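
The fields listed for TLS, Tunneled TLS and PEAP above end up as keys in the connection profile. The following Python check is an added example, not part of the original guide or of NetworkManager: it audits a saved profile for unset fields that weaken 802.1x authentication. It assumes the profile is in NetworkManager keyfile syntax with an `[802-1x]` section; the function name `audit_8021x`, the sample profile and its values are constructed for illustration.

```python
import configparser

# Constructed sample profile in NetworkManager keyfile syntax (not from the guide).
SAMPLE_PROFILE = """
[connection]
id=corp-wired
type=ethernet

[802-1x]
eap=peap;
anonymous-identity=anonymous
identity=alice
password=example-only
phase2-auth=mschapv2
"""

TUNNELED = {"ttls", "peap"}  # EAP types that wrap an inner authentication

def audit_8021x(profile_text):
    """Return a list of findings for the [802-1x] section of a keyfile profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(profile_text)
    if not cp.has_section("802-1x"):
        return ["no [802-1x] section: 802.1x security is not enabled"]
    s = cp["802-1x"]
    # 'eap' is a ';'-separated list in keyfile syntax, e.g. "peap;"
    methods = {m.strip().lower() for m in s.get("eap", "").split(";") if m.strip()}
    findings = []
    has_ca = bool(s.get("ca-cert") or s.get("ca-path")
                  or s.getboolean("system-ca-certs", fallback=False))
    if not methods:
        findings.append("eap: no EAP type selected")
    if methods & (TUNNELED | {"tls"}) and not has_ca:
        findings.append("ca-cert: no CA configured, server certificate is not verified")
    if "tls" in methods:
        for key in ("identity", "client-cert", "private-key"):
            if not s.get(key):
                findings.append(f"{key}: required for EAP-TLS but unset")
    if methods & TUNNELED:
        if not s.get("phase2-auth"):
            findings.append("phase2-auth: no inner authentication selected")
        if not s.get("anonymous-identity"):
            findings.append("anonymous-identity: unset, outer identity carries the real username")
    for key in ("password", "private-key-password"):
        if s.get(key):
            findings.append(f"{key}: secret stored in plain text in the profile")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_8021x(SAMPLE_PROFILE)))
```

On the sample profile the check reports the missing CA certificate and the plain-text password; a profile with every TLS field set and no stored secret returns an empty list.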