An exchange of messages (PEAP/MSCHAPv2) between the Windows supplicant, the wireless access point/wired switch, and the RADIUS server allows network access if the correct credentials were entered. After the 802.1X authentication has succeeded, both the eDirectory and local logins take place just as they have in previous versions of the Clients. The major new functionality in this drop is an almost complete redesign of the UI. The new UI has a lot of features that will make the supplicant easier to use. Among them is a configuration wizard, an 'at-a-glance' list of available SSIDs, and a quick connect option from the tray icon. The Client includes an Extensible Authentication Protocol (EAP) plug-in to the Microsoft Windows supplicant, which lets users authenticate through RADIUS to wireless access points and wired switches for added network security.
In computer networking, a supplicant is an entity at one end of a point-to-pointLAN segment that seeks to be authenticated by an authenticator attached to the other end of that link. The IEEE 802.1X standard[1] uses the term 'supplicant' to refer either to hardware or to software. In practice, a supplicant is a software application installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure network. If the authentication succeeds, the authenticator typically allows the computer to connect to the network.
A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying 'user' or 'client' over-generalizes; in reality, the interaction takes place through a personal computer, an Internet protocol (IP) phone, or similar network device. Each of these must run supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association.
Overview[edit]
Businesses, campuses, governments and all other social entities across-the-board in need of security may resort to the use of IEEE 802.1X authentication to regulate users access to their corresponding network infrastructure. And to enable this, client devices need to meet supplicant definition in order to gain access. In businesses, for example, it is very common that employees will receive their new computer with all the necessary settings appropriately set for IEEE 802.1X authentication, in particular when connecting wirelessly to the network.[2]
Access[edit]
For a supplicant capable device to gain access to the secured resources on a network, some preconditions should be observed and a context that will make this feasible. The network to which the supplicant needs to interact with must have a RADIUS Server also known as Authentication Server, an Authenticator and optionally a Dynamic Host Configuration Protocol (DHCP) server if automatic Internet protocol (IP) address assignment is sought after, and in certain configurations, an active directory domain controller. This is particularly true in Microsoft environment especially when using Internet Authentication Service (IAS) or Network Policy Server (NPS) as the software running on the Authentication Server.[3]
Supplicant list[edit]
Supplicants include but are not limited to:
- Windows 2000/XP built in
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Mac OS X built in ('Internet Connect' utility)
- OS 10.3 or higher
- AnyConnect Network Access Manager
- Odyssey
- SecureW2[4]
Mechanism[edit]
One aspect of reality a user needs to understand and, more likely comply with the network administrator is the use of user name and password, or a Media Access Control (MAC) Address as the minimum that will be required for account setup.
On a Windows machine, taking an example of Windows 8, one should make sure to enable one's client to act as a supplicant by going to the Network Properties of the Network Interface Card (NIC), and from the Authentication tab, 'Enable IEEE 802.1X authentication' need to be checked. Similar steps need to be taken on other network devices that provide support for IEEE 802.1X authentication.[5] This is the most important single step a user will need to make in order for one's network device to act as a supplicant.
Notes[edit]
Note that IAS was being used up to Windows Server 2003; since then, it has been replaced by NPS on all subsequent Windows Server releases (2008, 2012...). IAS and NPS are not the only RADIUS Servers, some other include: FreeRadius, Cisco Secure Access Control System (ACS) Server...
Windows Supplicant
References[edit]
- ^'Get IEEE 802: Local And Metropolitan Area Network Standard'(PDF). Retrieved November 7, 2014.
- ^'802.1X Authenticated Wireless Access Overview'. Retrieved November 8, 2014.
- ^'How 802.1x authentication works'. Retrieved November 8, 2014.
- ^'WPA2-Enterprise and 802.1x Simplified'. Retrieved May 23, 2017.
- ^'To set up 802.1x authentication'. Retrieved November 7, 2014.
Windows Supplicant Configuration
External links[edit]
802.1x Supplicant
- Understanding 802.1x authentication on Microsoft
- Cisco Secure Access Control System on Cisco
- What is 802.1x Security Authentication for Wireless Networks? on Netgear
- Creating a secure 802.1x wireless infrastructure using Microsoft Windows on Microsoft Technet
- [1] on SecureW2