AAA (LDAP) Integration

qolcom AAA (LDAP) integration services

Using and relying on AAA infrastructure is not new to the enterprise. Many companies already use AAA back-end servers to maintain databases of user names, passwords, and permissions, or use Remote Authentication Dial-In User Service (RADIUS) servers to authenticate remote users accessing the corporate network over dial-in or virtual private network (VPN) connections. Now AAA is being called upon to support another facet of the enterprise: the mobile workforce with clients on the wireless LAN (WLAN).

The IEEE 802.1X standard defines the process of authenticating and authorizing users on a WLAN. 802.1X requires an authentication server, which may be part of an enterprise’s AAA back end. The standard references RADIUS servers as a type of authentication server in the AAA back end.

While this application of AAA is relatively new, AAA infrastructures have already proven their ability to scale to support large numbers of mobile users. The largest Internet service providers (ISPs) have succeeded in delivering consistent access and services to millions of subscribers using AAA infrastructure.

The Trapeze integrated Mobility System works with the AAA back end in four key ways:

  1. Offloads several functions from the AAA infrastructure
  2. Improves availability by load‐sharing across redundant AAA servers
  3. Enforces authorizations and attributes per user
  4. Maintains a complete accounting of user roaming and network usage

What has AAA authentication got to do with 802.1x?

802.1x has been adopted as the encryption element of 802.11i. To maximise security and allow a single “network” login experience, whether on the LAN or the WLAN, it makes sense to use existing AAA methods and servers. Trapeze Networks technology allows seamless integration within your existing Active Directory or Novell eDirectory AAA systems.

Within Microsoft Active Directory environments, IAS can be used on any of your AD servers. In a Novell environment, either the Funk/Juniper Steel-Belted Radius server or FreeRADIUS on a Linux machine can be used.

What is AAA?

Authentication, Authorisation and Accounting is commonly abbreviated to AAA. AAA summarises the standard suite of functions performed by your existing user database authentication server. In a Microsoft environment this is Active Directory, and in a Novell environment it is eDirectory.

What is 802.1x?

802.1x has been available on good quality LAN edge switches for several years and has been adopted by quality WLAN vendors.

  • 802.1x is a standard for port-based network access control.
  • 802.1x is a standard for passing EAP over wired or wireless LANs at the data link layer.
  • For wired LANs, a user name and password combination is used for authentication.
  • For wireless LANs, a user name and password combination is used, plus a specific SSID.

802.1x allows a new network user to be authenticated to a networked AAA device before any IP traffic is passed, eliminating many of the existing issues that arise when IP connectivity is established to an edge device before the device has been fully authenticated. It also allows for dynamic VLAN assignment, but your back-end AAA server must support this; RADIUS supports this function within its extension fields.

What is 802.11i?

It is the latest form of WLAN security and supersedes WEP.

  • Utilizes port-based security using 802.1x.
  • Defines key management and authentication.
  • Uses a four-way handshake that establishes a per-user session.
  • Uses a shared key between user and authenticator.

Do you require qolcom AAA integration services?

We will advise as to the best path for you to take, be it using a proprietary product or an open source solution. qolcom have the requisite skills to get your WLAN AAA integrated and once the initial configuration is completed, adding further WLAN switches – as RADIUS clients – is a straightforward task, which qolcom will be happy to explain and demonstrate where required.

 

 

 

 

 
