Introduction to three common ways of network authentication

Source: Internet
Author: User

Network authentication is the first function a user encounters when connecting to a network, especially a wireless one; today there is almost no network that can be accessed without authenticating.

There are three common network authentication technologies: 802.1X, MAB and WebAuth. This article briefly introduces how each one works and where it is used.

    • 802.1X

The 802.1X protocol is a client/server-based access control and authentication protocol. It prevents unauthorized users and devices from accessing the LAN/WLAN through an access port. 802.1X authenticates the user or device connected to a switch port before it can use any of the services offered by the switch or the LAN. Until authentication succeeds, 802.1X allows only EAPOL (Extensible Authentication Protocol over LAN) traffic through the switch port the device is connected to; after authentication succeeds, normal data can pass through the Ethernet port.
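The port behaviour described above, as an added example that is not part of the original article: a Python model of a controlled port that passes only EAPOL frames (EtherType 0x888E) until an EAP-Success is sent to the device. The class, helper names and sample frames are constructed for illustration, and keying the port state on EAP-Success is a simplification of what a real switch does.

```python
import struct

ETHERTYPE_EAPOL = 0x888E          # EtherType of EAPOL frames (IEEE 802.1X)
EAPOL_TYPE_EAP = 0                # EAPOL packet type that carries an EAP message
EAP_SUCCESS, EAP_FAILURE = 3, 4   # EAP codes (RFC 3748)

class ControlledPort:
    """Hypothetical model of one 802.1X-controlled switch port."""

    def __init__(self):
        self.authorized = False

    def from_device(self, frame):
        """Classify a frame received from the attached device."""
        if len(frame) < 14:
            return "drop"                       # shorter than an Ethernet header
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            return "eapol"                      # always handed to the authenticator
        return "forward" if self.authorized else "drop"

    def to_device(self, frame):
        """Track the EAP result that the authenticator sends to the device."""
        if len(frame) < 22 or frame[12:14] != b"\x88\x8e":
            return
        _version, ptype, length = struct.unpack("!BBH", frame[14:18])
        if ptype != EAPOL_TYPE_EAP or length < 4:
            return
        code = frame[18]                        # first byte of the EAP message
        if code == EAP_SUCCESS:
            self.authorized = True
        elif code == EAP_FAILURE:
            self.authorized = False

def ether(ethertype, payload):
    """Build a constructed Ethernet frame (PAE group address as destination)."""
    dst, src = bytes.fromhex("0180c2000003"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

def demo():
    """Constructed traffic: data frame, EAPOL-Start, EAP-Success, data frame."""
    port = ControlledPort()
    ipv4 = ether(0x0800, b"\x45" + bytes(19))             # ordinary data frame
    start = ether(ETHERTYPE_EAPOL, bytes([2, 1, 0, 0]))   # EAPOL-Start
    success = ether(ETHERTYPE_EAPOL, bytes([2, 0, 0, 4, EAP_SUCCESS, 1, 0, 4]))
    before = [port.from_device(ipv4), port.from_device(start)]
    port.to_device(success)
    return before, port.from_device(ipv4)
```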

802.1X was the first network access authentication protocol and is still widely used. For this reason, common network devices such as switches, wireless hotspots and wireless controllers support 802.1X by default.

The aspect of 802.1X that draws the most criticism is its C/S (client/server) architecture: a terminal that needs network access must be able to install client software before it can authenticate. This is cumbersome and causes compatibility problems, especially because each vendor has added a large number of proprietary attributes, so that the authentication systems, clients and authentication devices (switches, wireless devices) of different vendors are all incompatible with one another. In recent years, as the protocol has matured and customers have applied pressure, standards compliance has improved greatly. Mainstream network equipment vendors now support authentication with the 802.1X client built into each operating system, so no third-party client software needs to be installed.

    • 802.1X-based imperceptible ("no-sense") authentication

The client software built into the operating system can detect wireless networks automatically, connect automatically and authenticate automatically with a saved account and password, giving end users an authentication experience they do not notice.

    • WebAuth

WebAuth is also known as Web portal authentication. It works as follows: before a user is authenticated, any address the user tries to reach is redirected to a designated page (called the portal page). The user enters an account and password on this portal page, and once authentication succeeds the user can access the network normally. As with 802.1X, the back end is still the RADIUS protocol, but the part that interacts with the user changes from EAPOL to HTTP.

The benefit of WebAuth is obvious: no client needs to be installed. In other words, it is a B/S (browser/server) authentication method. Another obvious benefit is that WebAuth provides a portal page for interacting with the user, and a lot can be built on that page. This is why all public wireless networks now use WebAuth: businesses push ads, notifications and so on through the portal page, and because every user must pass through it to get online, ads displayed there are very effective.

A variety of authentication forms can be derived from WebAuth. They differ only in the elements used to authenticate; the authentication method itself is still WebAuth. Examples are authentication by SMS verification code and authentication by following a public (official) account. These are extensions designed around the information that the authentication provider wants to collect.

    • MAB

MAB stands for MAC Address Bypass, that is, MAC address authentication. Both 802.1X and WebAuth, described above, require the terminal being authenticated to enter an account and password. For some dumb devices, such as network printers and IP phones, this is not possible, and MAB was introduced to authenticate such devices. The MAB process is as follows: when a device connects, the network access device obtains the device's MAC address and initiates authentication on its behalf. The RADIUS server in the back end checks whether the MAC address has already been provisioned in the system. If it has, the server tells the network access device to admit the terminal; if not, the device's network access is denied.

    • FlexAuth authentication sequence

The three authentication methods above can be used together. Cisco calls this the FlexAuth authentication sequence, and advanced authentication systems such as Cisco's ISE and Ruijie's SMP and SAM all support it: two or more authentication methods are configured on the same network interface and given priorities. This can achieve surprisingly good results, such as the following:

    • WebAuth imperceptible ("no-sense") authentication

WebAuth needs no client, but entering an account and password every time is still cumbersome. For regular users (such as enterprise employees), this can be solved by combining MAB and WebAuth through FlexAuth: configure both MAB and WebAuth on the same interface, with MAB at the highest priority and WebAuth after it. On the user's first access, the system first checks whether the device passes MAC address authentication. If it does not, because the authentication system does not have this MAC address, the portal page pops up and the user authenticates with an account and password. If that succeeds, the user is legitimate, and the system records the user's MAC address. On the second and every later access, the legitimacy of the MAC address is still checked first; because the MAC address was registered on the first access, from the second time on the user is admitted by MAB. The resulting user experience is authentication that the user does not notice.

The above is an introduction to the three common network authentication technologies and their extensions. I hope it is useful to everyone.

This article is from the "explore the mysteries of solution Marketing" blog; please keep this source link: http://jimqu.blog.51cto.com/105370/1629643
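The MAB lookup and the MAB-then-WebAuth sequence described above, as an added example that is not part of the original article or any vendor's code. `FlexAuthPort`, the in-memory account table standing in for the RADIUS back end, the sample addresses and the `learned_ttl` ageing of learned MAC addresses are all assumptions made for illustration.

```python
import hmac
import re

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class FlexAuthPort:
    """Hypothetical model of one interface: MAB first, WebAuth as fallback."""

    def __init__(self, provisioned_macs, accounts, learned_ttl=30 * 86400):
        self.provisioned = {normalize(m) for m in provisioned_macs}
        self.accounts = accounts        # user -> password; stand-in for RADIUS
        self.learned = {}               # mac -> (user, expiry time)
        self.learned_ttl = learned_ttl  # assumption: learned MACs age out

    def mab(self, mac, now):
        """MAB step: is this MAC provisioned, or learned and not expired?"""
        _user, expiry = self.learned.get(mac, (None, 0))
        return mac in self.provisioned or expiry > now

    def connect(self, mac, now, credentials=None):
        """Run the sequence for one access attempt and return the decision."""
        mac = normalize(mac)
        if self.mab(mac, now):
            return "permit:mab"
        if credentials is None:
            return "redirect:portal"    # WebAuth: user must log in over HTTP
        user, password = credentials
        expected = self.accounts.get(user)
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            self.learned[mac] = (user, now + self.learned_ttl)
            return "permit:webauth"
        return "deny"

def demo():
    """Constructed scenario: one provisioned printer, one employee laptop."""
    port = FlexAuthPort(["00:11:22:33:44:55"], {"alice": "s3cret"}, 3600)
    laptop = "aa:bb:cc:dd:ee:ff"
    return [port.connect("00-11-22-33-44-55", 0),          # printer
            port.connect(laptop, 0),                        # first visit
            port.connect(laptop, 0, ("alice", "wrong")),
            port.connect(laptop, 0, ("alice", "s3cret")),
            port.connect("AABB.CCDD.EEFF", 10),             # second visit
            port.connect(laptop, 3601)]                     # after ageing out
```

After the first portal login the recorded MAC address is the only thing checked, which is why this sketch binds each learned entry to a user and lets it expire.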
