Wireless Security (EAP)
Extensible Authentication Protocol
Mocana Embedded EAP
Mocana delivers an open-standards-based, full-featured, RFC-compliant Embedded EAP solution. It includes a complete peer (supplicant) and an authenticator that supports both pass-through mode and stand-alone mode; the supplicant and the authenticator are available individually or as a bundle. With it you can keep unauthorized devices off your network, update your security handling easily, and manage multiple users who each require a distinct security configuration. Separate VLANs can be served by separate EAP instances. Upper-layer APIs handle session creation, initialization, and statistics collection; lower-layer APIs carry EAP over PPP, UDP, or any other transport.
EAP Overview
EAP (RFC 3748) is an authentication framework, not an authentication method: by itself it does not authenticate anyone and does not specify how authentication takes place. It defines a small set of packets (Request, Response, Success, and Failure) and lets a negotiated EAP method carry its own messages inside Request/Response pairs. This is what makes it extensible: standards-based, proprietary, and future methods can be added without changing the carrier beneath them. The chosen EAP type, such as EAP-TLS or EAP-TTLS, dictates the algorithm used for authentication. Between the authenticator and the authentication server, EAP is itself carried by an AAA (Authentication, Authorization, and Accounting) protocol such as RADIUS or Diameter, which is where authorization decisions and accounting are handled.
IEEE 802.1X is the standard for port-based network access control on IEEE 802 LANs, wired or wireless. It defines EAPOL (EAP over LAN), which carries EAP packets directly in Ethernet frames between the supplicant and the authenticator, with no IP, UDP, or PPP layer beneath them; EAP over PPP is a separate encapsulation used on point-to-point links. 802.1X is not exclusively a wireless protocol, but it is the basis for the Wi-Fi Alliance's WPA2-Enterprise specification (and its successor, WPA3-Enterprise), and it is increasingly used to secure Wi-Fi networks by controlling what a device attached to a port may do before it has authenticated. Each authenticator port is modelled as two logical ports: an uncontrolled port that passes only EAPOL traffic, so that the authentication exchange itself can take place, and a controlled port that stays blocked until authentication succeeds. Only after an EAP-Success is general network access through the port permitted.
EAP Architecture
The EAP model contains the following elements:
- The peer (supplicant) is the device that needs to connect to the network.
- The network access server, NAS (also known as the edge device; typically a switch or access point), controls access to the network. In 802.1X deployments the authenticator function normally runs on the NAS.
- The authenticator runs in one of two modes: in stand-alone mode it holds the credentials and authenticates the peer itself (a two-tier model); in pass-through mode it relays EAP packets between the peer and an authentication server, usually inside RADIUS, and acts on the resulting Success or Failure (a three-tier model).
- The authentication server holds the data and logic, such as user names, passwords or certificates, and access rights, needed to decide which services a peer is authorized to use.
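To make the roles above concrete, the following is an added example, not Mocana's code and not part of its Embedded EAP API: it implements the RFC 3748 packet format, frames it in EAPOL the way 802.1X does, and runs a pass-through exchange between a supplicant, a NAS that only relays and keeps its controlled port closed until it sees EAP-Success, and an authentication server that owns the user database. The names Peer, AuthServer and PassThroughAuthenticator, and the sample user database, are hypothetical. EAP-MD5 is used only because it fits in a few lines; it derives no keys and is open to offline dictionary attack, so it is unsuitable for wireless, where a method such as EAP-TLS is required.

```python
# Added example (not Mocana code): RFC 3748 EAP codec, EAPOL framing, and an 802.1X pass-through
# exchange using EAP-MD5. Peer, AuthServer and PassThroughAuthenticator are hypothetical names.
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4   # EAP Code (RFC 3748 sec. 4)
TYPE_IDENTITY, TYPE_NAK, TYPE_MD5 = 1, 3, 4                        # EAP Type values used here
EAPOL_VERSION, EAPOL_EAP_PACKET = 2, 0                             # IEEE 802.1X EAPOL header

@dataclass
class Eap:
    code: int
    identifier: int
    type: int = 0          # no Type octet on Success/Failure
    data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.code in (EAP_SUCCESS, EAP_FAILURE) else bytes([self.type]) + self.data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body

def decode_eap(buf: bytes) -> Eap:
    """Parse one EAP packet, rejecting what a conformant stack must silently discard."""
    if len(buf) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", buf[:4])
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise ValueError(f"unknown EAP Code {code}")
    min_len = 4 if code in (EAP_SUCCESS, EAP_FAILURE) else 5      # Request/Response carry a Type
    if length < min_len or length > len(buf):
        raise ValueError("EAP Length is below the minimum or runs past the buffer")
    body = buf[4:length]                                           # bytes past Length are padding
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if body:
            raise ValueError("Success/Failure must have Length 4")
        return Eap(code, ident)
    return Eap(code, ident, body[0], body[1:])

def eapol_wrap(eap: bytes) -> bytes:
    """EAPOL-EAP framing; on the wire this sits directly in an Ethernet frame, no IP beneath."""
    return struct.pack("!BBH", EAPOL_VERSION, EAPOL_EAP_PACKET, len(eap)) + eap

def eapol_unwrap(frame: bytes) -> bytes:
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET or length > len(frame) - 4:
        raise ValueError("not a well-formed EAPOL-EAP packet")
    return frame[4:4 + length]

def md5_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 Value = MD5(Identifier || secret || challenge) (RFC 3748 sec. 5.4)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Peer:
    """Supplicant: answers Identity, then the EAP-MD5 challenge; NAKs any other method."""
    def __init__(self, identity: bytes, secret: bytes):
        self.identity, self.secret = identity, secret

    def respond(self, req: Eap) -> Eap:
        if req.type == TYPE_IDENTITY:
            return Eap(EAP_RESPONSE, req.identifier, TYPE_IDENTITY, self.identity)
        if req.type == TYPE_MD5:
            challenge = req.data[1:1 + req.data[0]]                # Value-Size octet, then Value
            value = md5_value(req.identifier, self.secret, challenge)
            return Eap(EAP_RESPONSE, req.identifier, TYPE_MD5, bytes([16]) + value + self.identity)
        return Eap(EAP_RESPONSE, req.identifier, TYPE_NAK, bytes([TYPE_MD5]))

class AuthServer:
    """Authentication server: owns the (hypothetical) user database and decides Success or Failure."""
    def __init__(self, users: dict):
        self.users, self.ident, self.user, self.challenge = users, None, None, b""

    def handle(self, resp: Eap) -> Eap:
        if resp.code != EAP_RESPONSE or (self.ident is not None and resp.identifier != self.ident):
            raise ValueError("Response Identifier does not match the outstanding Request")
        if resp.type == TYPE_IDENTITY:
            self.user = resp.data                                  # claimed, not yet authenticated
            self.challenge = os.urandom(16)
            self.ident = (resp.identifier + 1) & 0xFF              # fresh Identifier per Request
            return Eap(EAP_REQUEST, self.ident, TYPE_MD5, bytes([16]) + self.challenge)
        ok = resp.type == TYPE_MD5 and self.user in self.users and hmac.compare_digest(
            resp.data[1:1 + resp.data[0]], md5_value(resp.identifier, self.users[self.user], self.challenge))
        return Eap(EAP_SUCCESS if ok else EAP_FAILURE, resp.identifier)

class PassThroughAuthenticator:
    """NAS in pass-through mode: relays EAP and opens the controlled port only on EAP-Success."""
    def __init__(self, server: AuthServer):
        self.server, self.port_open = server, False

    def authenticate(self, peer: Peer) -> bool:
        pkt = Eap(EAP_REQUEST, 0, TYPE_IDENTITY)                   # the NAS sends the first Identity Request itself
        while pkt.code == EAP_REQUEST:
            to_peer = eapol_wrap(pkt.encode())                     # via the uncontrolled port
            resp = peer.respond(decode_eap(eapol_unwrap(to_peer)))
            # a real NAS forwards this Response to the server inside RADIUS EAP-Message attributes
            pkt = self.server.handle(decode_eap(eapol_unwrap(eapol_wrap(resp.encode()))))
        self.port_open = pkt.code == EAP_SUCCESS
        return self.port_open
```

Three details carry the security weight here and are the ones to check in any EAP implementation: Length is validated against the buffer before any body byte is touched, a Response whose Identifier does not match the outstanding Request is discarded rather than acted on, and the NAS changes nothing about port state until the server's Success has been relayed. Note also that the Identity response is only a claim; the server challenges every identity, known or not, so an attacker learns nothing about which user names exist from the exchange alone.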
Key Benefits
- Open-standards, RFC-compliant, full-featured
- Easy to install and use
- Highly configurable
- Speeds the development cycle
- Source code included
- Code reuse for a smaller memory footprint
- Advanced, well-documented APIs
- Advanced cryptography support
- High-performance, zero-threaded, asynchronous architecture
- Highly scalable
- RTOS-neutral and transport-agnostic
- Ongoing development, maintenance, and support