Guilty Until Proven Innocent (or Authenticated)
Authenticators are traffic cops. In fact, they operate in the same manner as a dynamic firewall. If you are unauthenticated, they won't let any of your traffic through except 802.1x messages. After you authenticate, your traffic is permitted. All of this is accomplished using two virtual ports: a controlled port and an uncontrolled port (Figure 6.2). The uncontrolled port is used solely by the authenticator to communicate with the authentication server. The controlled port begins in an unauthorized state, which blocks all traffic. After the client is authenticated, the controlled port is changed to an authorized state and network traffic is allowed through.
Figure 6.2. Controlled vs. uncontrolled ...
Get How Secure Is Your Wireless Network? Safeguarding Your Wi-Fi LAN now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
