802.1x Authentication


      Zhao Xiaoqi
THE AUTHENTICATION PROCESS - WIRELESS

This section provides an overview of the components and the processes involved in establishing 802.11 wireless connections to 802.1X authenticating infrastructure networks.
Volvo IT
Association with the Wireless AP and Link-Layer Authentication
When a wireless network adapter is turned on, it begins to scan across the wireless
frequencies (spectrum) for wireless APs and other wireless clients. Scanning is an active
process in which the wireless adapter sends Probe-Request frames on all channels of the
ISM frequency range and listens for the Probe-Response frames sent by wireless APs and
other wireless clients. After scanning, Windows instructs the wireless adapter to connect to a
network, based on the configured preferences.
This choice is made automatically by using the SSID of a known or preferred wireless
network and the wireless AP with the best signal strength (the highest signal-to-noise ratio).
Next, the wireless client negotiates the use of a logical wireless port with the chosen wireless
AP. This process is known as association.
The wireless client’s configuration settings determine whether the wireless client prefers to
connect with infrastructure or ad-hoc mode networks. By default, a wireless client running
Windows Vista, Windows XP, or Windows Server 2003 prefers infrastructure mode wireless
networks over ad-hoc mode wireless networks. If the signal strength of the wireless AP is too
low, if the error rate is too high, or if instructed by the operating system, the wireless client
scans for other wireless APs to determine whether a different wireless AP can provide a
stronger signal to the same wireless network. If so, the wireless client negotiates a
connection with that wireless AP. This process is known as roaming.

802.1x Authentication Phases - Wireless

1. Scanning
2. Association
3. Access Request
4. EAP
5. Authentication
6. Authorization
7. Access-Accept
8. 802.1X Controlled Port
9. DHCP Address Request
10. Group Policy Applied
11. Network Access

Phase 1: Scanning

The client scans for an AP by sending Probe Request frames and listening for the Probe Responses that APs send back.

Phase 2: Association

The client associates with the AP:
  – The AP registers the client's MAC address and assigns a unique virtual port that is mapped to that MAC address.
  – The client registers the MAC address of the AP as the only device with which it is permitted to associate (until it disassociates and then reassociates with another AP or wireless device).

Phase 3: Access Request

The AP accepts the client's 802.1X (EAPOL) authentication frames on its uncontrolled port and, on the client's behalf, forwards a RADIUS Access-Request message to the RADIUS (IAS) server.



Note
TCP/IP frames generated by the wireless client can be sent to the network only through the controlled port. The client cannot send frames through the controlled port until it is authenticated and authorized; until then only the 802.1X authentication traffic, which uses the uncontrolled port, gets through.

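The two-port model in the note above, as an added example that is not part of the original deck: a small Python model of the authenticator side, in which EAPOL frames (EtherType 0x888E) always reach the uncontrolled port while every other frame from the client is dropped until the controlled port has been authorized. The MAC addresses, the stand-in IPv4 payload and the `AuthenticatorPort` class itself are constructed for illustration; the Ethernet and EAPOL header layouts and the EAPOL type codes are the standard ones.

```python
import struct

ETHERTYPE_EAPOL = 0x888E          # IEEE 802.1X EAPOL frames (uncontrolled port)
ETHERTYPE_IPV4 = 0x0800
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2


class AuthenticatorPort:
    """One logical 802.1X port on the AP, created for one associated client MAC.

    Constructed model for illustration: a real AP keeps the same two-port
    split per client, but its PAE state machine has more states than this.
    """

    def __init__(self, client_mac: bytes):
        self.client_mac = client_mac
        self.authorized = False       # state of the controlled port
        self.eapol_seen = []          # EAPOL packet types handed to the PAE

    def receive(self, frame: bytes) -> str:
        """Classify one Ethernet frame sent by the client.

        'uncontrolled': EAPOL, handed to the authenticator PAE / RADIUS client
        'forwarded':    controlled port open, frame goes on to the network
        'dropped':      controlled port closed, or frame not from this client
        """
        if len(frame) < 14:
            return "dropped"
        _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if src != self.client_mac:
            return "dropped"          # port is bound to the MAC registered at association
        if ethertype == ETHERTYPE_EAPOL:
            self._pae(frame[14:])
            return "uncontrolled"
        return "forwarded" if self.authorized else "dropped"

    def _pae(self, eapol: bytes) -> None:
        """Minimal PAE: record the EAPOL type; a Logoff closes the controlled port."""
        if len(eapol) < 4:
            return
        _version, ptype, _length = struct.unpack("!BBH", eapol[:4])
        self.eapol_seen.append(ptype)
        if ptype == EAPOL_LOGOFF:
            self.authorized = False

    def authorize(self) -> None:
        """Called by the AP once RADIUS Access-Accept has arrived and keys are installed."""
        self.authorized = True


def ethernet(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def eapol(ptype: int, body: bytes = b"") -> bytes:
    return struct.pack("!BBH", 1, ptype, len(body)) + body


def demo() -> list:
    """Walk one client through the port states; MACs and payloads are constructed."""
    client = bytes.fromhex("001122334455")
    ap = bytes.fromhex("66778899aabb")
    bcast = b"\xff" * 6
    ip_like = b"\x45" + b"\x00" * 19                # stand-in IPv4 header, content irrelevant here
    port = AuthenticatorPort(client)
    results = [
        port.receive(ethernet(ap, client, ETHERTYPE_EAPOL, eapol(EAPOL_START))),   # EAPOL: uncontrolled
        port.receive(ethernet(bcast, client, ETHERTYPE_IPV4, ip_like)),             # not yet authorized
    ]
    port.authorize()                                                                # Access-Accept received
    results += [
        port.receive(ethernet(bcast, client, ETHERTYPE_IPV4, ip_like)),             # now forwarded
        port.receive(ethernet(bcast, bytes.fromhex("deadbeef0000"), ETHERTYPE_IPV4, ip_like)),  # other MAC
        port.receive(ethernet(ap, client, ETHERTYPE_EAPOL, eapol(EAPOL_LOGOFF))),  # Logoff closes the port
        port.receive(ethernet(bcast, client, ETHERTYPE_IPV4, ip_like)),             # blocked again
    ]
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC binding is the association-time bookkeeping the slide describes, not a security boundary on its own: a MAC address can be copied, so what actually ties a client to its authorized port on an 802.11 network is the per-session key installed in Phase 8.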
Phase 4: EAP
If the server running IAS does not reject the Access-Request, the EAP authentication method is negotiated between the client and IAS.
After the negotiation is complete, the AP forwards EAP messages between the client and the server running IAS without interpreting them; the authentication conversation runs end to end between client and server.
Note
There are many EAP authentication types.
Both EAP-TLS and PEAP-MS-CHAPv2 are supported natively in Windows Server 2003, Windows XP, and Windows Vista.

Note
When PEAP is used, a TLS session is first created between the access client and the server running IAS; the inner authentication (MS-CHAPv2) then takes place inside that TLS session, so the password-based exchange is protected by the tunnel rather than sent in the clear.

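The method negotiation of Phase 4, as an added example that is not code from the original deck: a Python model of the EAP exchange in which the server offers the methods its policy allows, in order, and the client answers a method it is not configured for with a Nak listing what it will accept. `Supplicant`, `AuthServer`, the identity string and the scripted method lists are constructed for illustration; the packet layout, codes and type numbers follow RFC 3748.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK, TYPE_EAP_TLS, TYPE_PEAP = 1, 3, 13, 25
METHOD_NAMES = {TYPE_EAP_TLS: "EAP-TLS", TYPE_PEAP: "PEAP"}


def eap_pack(code: int, ident: int, eap_type: int = None, data: bytes = b"") -> bytes:
    """Code(1) Identifier(1) Length(2) [Type(1) Type-Data]; Success/Failure carry no Type."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eap_unpack(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length != len(pkt):
        raise ValueError("EAP length field does not match packet")
    eap_type = pkt[4] if length > 4 else None
    return code, ident, eap_type, pkt[5:]


class Supplicant:
    """Client side. `allowed` lists the methods its wireless profile is configured for."""

    def __init__(self, identity: str, allowed: list):
        self.identity = identity
        self.allowed = allowed

    def respond(self, request: bytes) -> bytes:
        code, ident, eap_type, _ = eap_unpack(request)
        if code != EAP_REQUEST:
            raise ValueError("supplicant only answers Requests")
        if eap_type == TYPE_IDENTITY:
            return eap_pack(EAP_RESPONSE, ident, TYPE_IDENTITY, self.identity.encode())
        if eap_type in self.allowed:
            # Method accepted: the first method-specific response (e.g. a TLS ClientHello) would follow.
            return eap_pack(EAP_RESPONSE, ident, eap_type, b"")
        # Legacy Nak (RFC 3748 section 5.3.1): Type-Data lists the methods the client would accept.
        return eap_pack(EAP_RESPONSE, ident, TYPE_NAK, bytes(self.allowed))


class AuthServer:
    """Server side (IAS in the deck). `offered` is the policy's method list, most preferred first."""

    def __init__(self, offered: list):
        self.offered = list(offered)
        self.ident = 0

    def _send(self, supplicant: Supplicant, eap_type: int, data: bytes = b""):
        self.ident = (self.ident + 1) & 0xFF
        resp = supplicant.respond(eap_pack(EAP_REQUEST, self.ident, eap_type, data))
        code, ident, resp_type, resp_data = eap_unpack(resp)
        if code != EAP_RESPONSE or ident != self.ident:
            raise ValueError("Response does not match the outstanding Request")  # stale or replayed answer
        return resp_type, resp_data

    def negotiate(self, supplicant: Supplicant) -> list:
        """Return a transcript of the negotiation; 'Agreed' or 'Failure' is always the last entry."""
        transcript = []
        _, identity = self._send(supplicant, TYPE_IDENTITY)
        transcript.append(("Identity", identity.decode()))
        candidates = list(self.offered)
        while candidates:
            method = candidates.pop(0)
            resp_type, resp_data = self._send(supplicant, method)
            if resp_type == method:
                transcript.append(("Agreed", METHOD_NAMES.get(method, method)))
                return transcript
            if resp_type != TYPE_NAK:
                raise ValueError("unexpected EAP type in response")
            wanted = set(resp_data)
            transcript.append(("Nak", [METHOD_NAMES.get(t, t) for t in resp_data]))
            candidates = [m for m in candidates if m in wanted]   # only retry what the client accepts
        transcript.append(("Failure", None))   # server would now send EAP-Failure and Access-Reject
        return transcript


def demo() -> list:
    """Server policy prefers EAP-TLS, the client only has PEAP configured; constructed identity."""
    server = AuthServer([TYPE_EAP_TLS, TYPE_PEAP])
    client = Supplicant("user@example.com", [TYPE_PEAP])
    return server.negotiate(client)


if __name__ == "__main__":
    print(demo())
```

The EAP-Response/Identity is the one message in this exchange that travels in the clear, both on the air and in the RADIUS User-Name attribute; with PEAP the user's real credentials stay inside the TLS tunnel that the agreed method sets up next.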
Phase 5: Authentication
After the EAP authentication method is agreed upon between the client and IAS, the server running IAS sends its server certificate chain to the client computer as proof of identity. The client computer validates that chain to authenticate the server running IAS.
Successful PEAP-MS-CHAPv2 authentication requires that the client trust the server running IAS after validating the IAS server certificate chain. For the client to trust the server, the root CA certificate of the CA that issued the server certificate must be installed in the Trusted Root Certification Authorities certificate store on the client computer.
This server validation is what protects the password-based inner authentication: a client that skips it would carry out the MS-CHAPv2 exchange with any AP and RADIUS server that presents a certificate, so the client profile should require server certificate validation (and, where supported, restrict the expected server name and root CA) and refuse to continue when the check fails.

After the client authenticates the server, the client sends its password-based user credentials (the MS-CHAPv2 challenge/response, carried inside the TLS session) to the server running IAS, which verifies them against the user accounts database in Active Directory.
  – If the credentials are not valid, IAS sends an Access-Reject message to the AP in response to the connection request.
  – If the credentials are valid, the server running IAS proceeds to the Authorization phase.

Phase 6: Authorization

The server running IAS performs authorization, as follows:
  a. IAS checks the user or computer account's dial-in properties in Active Directory.
  b. IAS then attempts to find a remote access policy that matches the connection request. If a matching remote access policy is found, IAS authorizes the connection request based on that policy; if no policy matches, the request is rejected.

Phase 7: Access-Accept

If the authorization is successful, IAS sends the AP an Access-Accept message.
If authorization is not successful, IAS sends an Access-Reject message.

Phase 8: 802.1X Controlled Port

As part of authentication, 802.1X dynamically generates session keys: the TLS handshake of EAP-TLS or PEAP leaves the client and the server running IAS with shared keying material, the server hands the AP its copy together with the Access-Accept, and from this material the AP and the client derive the encryption keys that secure the wireless connection.
The encryption keys are configured on both the wireless AP and the client; all subsequent data traffic is protected.
The wireless AP then enables the controlled port, and traffic from the wireless client is allowed to traverse it.

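The RADIUS side of Phases 3, 7 and 8 above, as an added example that is not part of the original deck: the AP builds the Access-Request with a Message-Authenticator, the server verifies it and answers with an Access-Accept that carries EAP-Success and the session key in an MS-MPPE-Recv-Key attribute, and the AP checks the Response Authenticator and the Message-Authenticator before decrypting the key. The shared secret, NAS address, client MAC, identity and the 32-byte key are constructed; the packet format and the three computations follow RFC 2865, RFC 3579 and RFC 2548.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, NAS_IP_ADDRESS, VENDOR_SPECIFIC, CALLING_STATION_ID = 1, 4, 26, 31
NAS_PORT_TYPE, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 61, 79, 80
WIRELESS_80211 = 19                       # NAS-Port-Type value for 802.11
MS_VENDOR_ID, MS_MPPE_RECV_KEY = 311, 17  # Microsoft VSA that carries the AP's key

def avp(attr_type, value):
    return bytes([attr_type, 2 + len(value)]) + value

def parse_avps(data):
    out, i = [], 0
    while i < len(data):
        t, l = data[i], data[i + 1]
        if l < 2 or i + l > len(data):
            raise ValueError("malformed RADIUS attribute")
        out.append((t, data[i + 2:i + l]))
        i += l
    return out

def radius_packet(code, ident, authenticator, attrs, secret):
    """Assemble the packet; Message-Authenticator = HMAC-MD5(secret, packet with the MA zeroed)."""
    attrs += avp(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    mac = hmac.new(secret, header + authenticator + attrs, hashlib.md5).digest()
    return header + authenticator + attrs[:-16] + mac

def check_message_authenticator(pkt, request_auth, secret):
    """Replies are checked with the request's authenticator in the header (RFC 3579 section 3.2)."""
    attrs, i = pkt[20:], 0
    while i < len(attrs):
        t, l = attrs[i], attrs[i + 1]
        if t == MESSAGE_AUTHENTICATOR:
            zeroed = attrs[:i + 2] + bytes(16) + attrs[i + l:]
            expect = hmac.new(secret, pkt[:4] + request_auth + zeroed, hashlib.md5).digest()
            return hmac.compare_digest(attrs[i + 2:i + l], expect)
        i += l
    return False

def mppe_crypt(data, secret, request_auth, salt, decrypt):
    """RFC 2548 section 2.4.2: b1 = MD5(S|R|A), b(i) = MD5(S|c(i-1)), c(i) = p(i) XOR b(i)."""
    out, prev = b"", request_auth + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        out += bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else out[-16:]
    return out

def ap_access_request(secret, ident, client_mac, eap_identity):
    """Phase 3: the AP wraps the client's EAP-Response/Identity in an Access-Request."""
    request_auth = os.urandom(16)
    attrs = (avp(USER_NAME, eap_identity[5:]) + avp(NAS_IP_ADDRESS, bytes([192, 0, 2, 10]))
             + avp(NAS_PORT_TYPE, struct.pack("!I", WIRELESS_80211))
             + avp(CALLING_STATION_ID, client_mac.encode()) + avp(EAP_MESSAGE, eap_identity))
    return radius_packet(ACCESS_REQUEST, ident, request_auth, attrs, secret), request_auth

def server_access_accept(secret, request, pmk):
    """Phase 7: verify the request, answer with EAP-Success plus the session key (MS-MPPE-Recv-Key)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    if code != ACCESS_REQUEST or length != len(request) or not check_message_authenticator(request, request_auth, secret):
        raise ValueError("Access-Request rejected: bad length or Message-Authenticator")
    eap_ident = dict(parse_avps(request[20:]))[EAP_MESSAGE][1]
    salt = bytes([0x80 | os.urandom(1)[0], os.urandom(1)[0]])          # salt MSB must be set
    plain = bytes([len(pmk)]) + pmk + bytes(-(len(pmk) + 1) % 16)      # length byte, key, zero pad
    enc = salt + mppe_crypt(plain, secret, request_auth, salt, decrypt=False)
    vsa = struct.pack("!I", MS_VENDOR_ID) + bytes([MS_MPPE_RECV_KEY, 2 + len(enc)]) + enc
    attrs = avp(EAP_MESSAGE, struct.pack("!BBH", 3, eap_ident, 4)) + avp(VENDOR_SPECIFIC, vsa)
    pkt = radius_packet(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    response_auth = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    return pkt[:4] + response_auth + pkt[20:]

def ap_handle_accept(secret, request_auth, response):
    """Phase 7/8: authenticate the reply, then recover the key the AP will use with this client."""
    code, _ident, length = struct.unpack("!BBH", response[:4])
    expect = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    if code != ACCESS_ACCEPT or length != len(response) or not hmac.compare_digest(expect, response[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong secret, forged or replayed reply")
    if not check_message_authenticator(response, request_auth, secret):
        raise ValueError("Message-Authenticator mismatch")
    for t, v in parse_avps(response[20:]):
        if t == VENDOR_SPECIFIC and len(v) >= 6 and v[:4] == struct.pack("!I", MS_VENDOR_ID) and v[4] == MS_MPPE_RECV_KEY:
            value = v[6:4 + v[5]]
            if len(value) < 18 or not value[0] & 0x80 or len(value[2:]) % 16:
                raise ValueError("bad MS-MPPE-Recv-Key encoding")
            plain = mppe_crypt(value[2:], secret, request_auth, value[:2], decrypt=True)
            return plain[1:1 + plain[0]]
    raise ValueError("Access-Accept carries no MS-MPPE-Recv-Key")

def demo():
    """Constructed secret, identity and key; True when the AP recovers exactly the server's key."""
    secret = b"constructed-shared-secret"
    pmk = os.urandom(32)                                  # keying material from the EAP-TLS/PEAP handshake
    eap_identity = struct.pack("!BBHB", 2, 1, 21, 1) + b"user@example.com"   # EAP-Response/Identity
    req, req_auth = ap_access_request(secret, 7, "00-11-22-33-44-55", eap_identity)
    return ap_handle_accept(secret, req_auth, server_access_accept(secret, req, pmk)) == pmk
```

Two checks worth keeping from this: an Access-Accept whose Response Authenticator does not verify against the shared secret and the original Request Authenticator must be dropped, because that field is the only thing tying a reply to the request it answers; and a reply that carries EAP-Message without a Message-Authenticator should be treated as suspect, since RFC 3579 requires the attribute on every EAP-carrying RADIUS packet.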
Phase 9: DHCP Address Request

The client sends a DHCP address request through the 802.1X controlled port to the network.
If a DHCP server responds, the client obtains an IP address.

Phase 10: Group Policy Applied
If configured, updated Group Policy is applied on the client during the domain logon operation; this includes the Wireless Network (IEEE 802.11) Policies Group Policy extension.
Note
For computers already configured with Wireless Network (IEEE 802.11) Policies, Group Policy is applied when the computer is started, and whenever an updated policy is downloaded.
If Group Policy is updated on the server while the computer is turned off, the last known policy (which might be stale) is applied immediately when the computer is started.
If the computer's 802.1X settings allow IAS to authorize the computer itself (computer authentication) for network access, updated policies are downloaded and applied when the computer connects to the network, before user authentication.
If the computer's 802.1X settings do not allow IAS to authorize the computer for network access at startup, updated policies are applied immediately after user authentication.

Phase 11: Network Access

The client is able to access network resources, contingent upon any applied restrictions.
Volvo IT
Volvo IT

More Related Content

What's hot

Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTXCustomer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTXssuser5824cf
 
Cisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep diveCisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep divesolarisyougood
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Aruba, a Hewlett Packard Enterprise company
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id conceptsMostafa El Lathy
 
QoS in 5G You Tube_Pourya Alinezhad
QoS in 5G You Tube_Pourya AlinezhadQoS in 5G You Tube_Pourya Alinezhad
QoS in 5G You Tube_Pourya AlinezhadPourya Alinezhad
 

What's hot (20)

EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads  How licensing works in Aruba OS 8.xEMEA Airheads  How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTXCustomer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
 
Cisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep diveCisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep dive
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming Devices
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
ACI Hands-on Lab
ACI Hands-on LabACI Hands-on Lab
ACI Hands-on Lab
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1
 
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010   rf design for retail warehousing manufacturingAirheads barcelona 2010   rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturing
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id concepts
 
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deploymentsEMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
 
QoS in 5G You Tube_Pourya Alinezhad
QoS in 5G You Tube_Pourya AlinezhadQoS in 5G You Tube_Pourya Alinezhad
QoS in 5G You Tube_Pourya Alinezhad
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Best Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-FiBest Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-Fi
 

Viewers also liked

IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationAxis Communications
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for SeacoastSithideth Banavong
 
Ieee 802.1 redes lan
Ieee 802.1 redes lanIeee 802.1 redes lan
Ieee 802.1 redes lanomegaleonx45
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication StandardDan Miller
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and UpdateCisco Canada
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISECisco Canada
 
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
 

Viewers also liked (20)

Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
IEEE 802.1x
IEEE 802.1xIEEE 802.1x
IEEE 802.1x
 
Ieee 802.1 x
Ieee 802.1 xIeee 802.1 x
Ieee 802.1 x
 
IEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ ImplementationIEEE 802.1X and Axis’ Implementation
IEEE 802.1X and Axis’ Implementation
 
802.1x
802.1x802.1x
802.1x
 
802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast802.1x Implementation Plan for Seacoast
802.1x Implementation Plan for Seacoast
 
Ieee 802.1 redes lan
Ieee 802.1 redes lanIeee 802.1 redes lan
Ieee 802.1 redes lan
 
padrão ieee 802.2
padrão ieee 802.2padrão ieee 802.2
padrão ieee 802.2
 
802.1x Authentication Standard
802.1x Authentication Standard802.1x Authentication Standard
802.1x Authentication Standard
 
Arquitetura IEEE 802
Arquitetura IEEE 802Arquitetura IEEE 802
Arquitetura IEEE 802
 
Identity Services Engine Overview and Update
Identity Services Engine Overview and UpdateIdentity Services Engine Overview and Update
Identity Services Engine Overview and Update
 
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISEDemystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
 
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's Backbone
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SAN
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts Panel
 
SKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORKSKYPE AS OVERLAY NETWORK
SKYPE AS OVERLAY NETWORK
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!
 
Overlay network
Overlay networkOverlay network
Overlay network
 

Similar to 802.1x authentication

Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)Cisco Service Provider Mobility
 
Remote access service
Remote access serviceRemote access service
Remote access serviceApoorw Pandey
 
Wi fi security dedicated architectures
Wi fi security dedicated architecturesWi fi security dedicated architectures
Wi fi security dedicated architecturesparipec
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfdjameleddine2015
 
Cert0101 HPE6-A42 & HPE6-A70.pdf
Cert0101 HPE6-A42 & HPE6-A70.pdfCert0101 HPE6-A42 & HPE6-A70.pdf
Cert0101 HPE6-A42 & HPE6-A70.pdfAllen Kuo
 
Handlink ISS-6000 Presentation
Handlink ISS-6000 PresentationHandlink ISS-6000 Presentation
Handlink ISS-6000 PresentationITWare
 
10 steps for troubleshooting wi fi
10 steps for troubleshooting wi fi10 steps for troubleshooting wi fi
10 steps for troubleshooting wi fiTaylorStepanski
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareyayao
 
802 11 3
802 11 3802 11 3
802 11 3rphelps
 
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Netgear Italia
 
Ch11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.comCh11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.comphanleson
 
wireless local area networks (http://4knet.ir)
wireless local area networks (http://4knet.ir)wireless local area networks (http://4knet.ir)
wireless local area networks (http://4knet.ir)Azad Kaki
 
8021x feature config_guide
8021x feature config_guide8021x feature config_guide
8021x feature config_guideWilson Ospina
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssueIshan Girdhar
 

Similar to 802.1x authentication (20)

Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)Service Provider Wi-Fi Networks:  Scaling Signaling Transactions (White Paper)
Service Provider Wi-Fi Networks: Scaling Signaling Transactions (White Paper)
 
Remote access service
Remote access serviceRemote access service
Remote access service
 
Wi fi security dedicated architectures
Wi fi security dedicated architecturesWi fi security dedicated architectures
Wi fi security dedicated architectures
 
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdfConfiguring Wired 802.1x Authentication on Windows Server 2012.pdf
Configuring Wired 802.1x Authentication on Windows Server 2012.pdf
 
Cert0101 HPE6-A42 & HPE6-A70.pdf
Cert0101 HPE6-A42 & HPE6-A70.pdfCert0101 HPE6-A42 & HPE6-A70.pdf
Cert0101 HPE6-A42 & HPE6-A70.pdf
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
 
Handlink ISS-6000 Presentation
Handlink ISS-6000 PresentationHandlink ISS-6000 Presentation
Handlink ISS-6000 Presentation
 
Sw8021x
Sw8021xSw8021x
Sw8021x
 
10 steps for troubleshooting wi fi
10 steps for troubleshooting wi fi10 steps for troubleshooting wi fi
10 steps for troubleshooting wi fi
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
802 11 3
802 11 3802 11 3
802 11 3
 
Introduction to WAP
Introduction to WAPIntroduction to WAP
Introduction to WAP
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
 
Wireless Networks
Wireless NetworksWireless Networks
Wireless Networks
 
Ch11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.comCh11 Hacking Wireless Networks it-slideshares.blogspot.com
Ch11 Hacking Wireless Networks it-slideshares.blogspot.com
 
Lec 6.pptx
Lec 6.pptxLec 6.pptx
Lec 6.pptx
 
wireless local area networks (http://4knet.ir)
wireless local area networks (http://4knet.ir)wireless local area networks (http://4knet.ir)
wireless local area networks (http://4knet.ir)
 
8021x feature config_guide
8021x feature config_guide8021x feature config_guide
8021x feature config_guide
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 

Recently uploaded

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Recently uploaded (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx

802.1x authentication

  • 1. 802.1x Authentication Zhao Xiaoqi
  • 2. This section provides an overview of the components and the processes involved in establishing 802.11 wireless connections to 802.1X authenticating infrastructure networks. THE AUTHENTICATION PROCESS - WIRELESS Volvo IT
  • 3. Association with the Wireless AP and Link-Layer Authentication When a wireless network adapter is turned on, it begins to scan across the wireless frequencies (spectrum) for wireless APs and other wireless clients. Scanning is an active process in which the wireless adapter sends Probe-Request frames on all channels of the ISM frequency range and listens for the Probe-Response frames sent by wireless APs and other wireless clients. After scanning, Windows instructs the wireless adapter to connect to a network, based on the configured preferences. This choice is made automatically by using the SSID of a known or preferred wireless network and the wireless AP with the best signal strength (the highest signal-to-noise ratio). Next, the wireless client negotiates the use of a logical wireless port with the chosen wireless AP. This process is known as association. The wireless client’s configuration settings determine whether the wireless client prefers to connect with infrastructure or ad-hoc mode networks. By default, a wireless client running Windows Vista, Windows XP, or Windows Server 2003 prefers infrastructure mode wireless networks over ad-hoc mode wireless networks. If the signal strength of the wireless AP is too low, if the error rate is too high, or if instructed by the operating system, the wireless client scans for other wireless APs to determine whether a different wireless AP can provide a stronger signal to the same wireless network. If so, the wireless client negotiates a connection with that wireless AP. This process is known as roaming.
  • 4. 802.1x Authentication Phases - Wireless
    1. Scanning
    2. Association
    3. Access Request
    4. EAP
    5. Authentication
    6. Authorization
    7. Access-Accept
    8. 802.1X Controlled Port
    9. DHCP Address Request
    10. Group Policy Applied
    11. Network Access
  • 5. Phase 1: Scanning The client scans for an AP using a Probe Request.
  • 6. Phase 2: Association The client associates with the AP:
    – The AP registers the client’s MAC address and assigns a unique virtual port that is mapped to that MAC address.
    – The client registers the MAC address of the AP as the only device to which it is permitted to associate (until such time as it disassociates and then reassociates with another AP or wireless device).
  • 7. Phase 3: Access Request Using its 802.1X uncontrolled port, the AP forwards a RADIUS Access-Request message to the RADIUS (IAS) server. Note: TCP/IP frames generated by the wireless client can only be sent to the network through the controlled port. The client cannot send frames using the controlled port until it is authenticated and authorized.
  • 9. Phase 4: EAP If the server running IAS does not reject the Access-Request, the EAP authentication method is negotiated between the client and IAS. After the negotiation is complete, the AP forwards messages between the client and the server running IAS. Note: There are many EAP authentication types. Both EAP-TLS and PEAP-MS-CHAPv2 are supported natively in Windows Server 2003, Windows XP, and Windows Vista. Note: When PEAP is used, a TLS session is first created between the access client and the server running IAS; authentication then occurs through the secure TLS session.
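The method negotiation that slide 9 summarises in one sentence, as an added example that is not part of the slides or of Windows IAS: a simulated authentication server and peer exchange EAP packets in the RFC 3748 wire format, the peer answers a method it does not implement with a Legacy Nak listing the types it would accept, and the server either picks one of those or ends with EAP-Failure. The identity `user@example.com` is a constructed value; the method type numbers (1 Identity, 3 Nak, 13 EAP-TLS, 25 PEAP) are the IANA-assigned ones. The parser refuses frames whose Length field disagrees with the header, which is the first check a supplicant or server must make before acting on a frame.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# EAP codes (RFC 3748 section 4) and the IANA method types used below
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK, TYPE_EAP_TLS, TYPE_PEAP = 1, 3, 13, 25


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int]      # None for Success/Failure, which carry no Type octet
    data: bytes = b""

    def encode(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body


def parse_eap(raw: bytes) -> EapPacket:
    """Decode one EAP packet, refusing anything whose header and length disagree."""
    if len(raw) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in (EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE):
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} inconsistent with {len(raw)} received bytes")
    body = raw[4:length]          # octets beyond Length are padding and are ignored
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if body:
            raise ValueError("Success/Failure must not carry a payload")
        return EapPacket(code, ident, None)
    if not body:
        raise ValueError("Request/Response is missing its Type octet")
    return EapPacket(code, ident, body[0], body[1:])


def negotiate_method(server_prefs: List[int], peer_supports: List[int],
                     identity: bytes = b"user@example.com") -> Tuple[Optional[int], List[EapPacket]]:
    """Simulate the method negotiation between authentication server and peer.

    The server proposes its preferred method. A peer that does not implement it
    answers with a Legacy Nak (Type 3) listing the types it would accept; the
    server then picks the first of its own preferences that the peer listed, or
    gives up with EAP-Failure. Returns the agreed type (or None) and the packets.
    """
    transcript: List[EapPacket] = []

    def exchange(pkt: EapPacket) -> EapPacket:
        decoded = parse_eap(pkt.encode())   # round-trip through the wire format
        transcript.append(decoded)
        return decoded

    ident = 1
    exchange(EapPacket(EAP_REQUEST, ident, TYPE_IDENTITY))             # Request/Identity
    exchange(EapPacket(EAP_RESPONSE, ident, TYPE_IDENTITY, identity))  # Response/Identity
    proposal = server_prefs[0]
    while True:
        ident += 1
        exchange(EapPacket(EAP_REQUEST, ident, proposal))
        if proposal in peer_supports:
            # A Response of the same Type means the method is agreed; the method's
            # own conversation (the TLS handshake for EAP-TLS or PEAP) starts here.
            exchange(EapPacket(EAP_RESPONSE, ident, proposal))
            return proposal, transcript
        nak = exchange(EapPacket(EAP_RESPONSE, ident, TYPE_NAK,
                                 bytes(peer_supports) or b"\x00"))   # 0 = no alternative
        acceptable = [t for t in server_prefs if t in nak.data]
        if not acceptable:
            exchange(EapPacket(EAP_FAILURE, ident, None))   # same Identifier as the last Response
            return None, transcript
        proposal = acceptable[0]


if __name__ == "__main__":
    names = {TYPE_IDENTITY: "Identity", TYPE_NAK: "Nak", TYPE_EAP_TLS: "EAP-TLS",
             TYPE_PEAP: "PEAP", None: "-"}
    agreed, log = negotiate_method([TYPE_EAP_TLS, TYPE_PEAP], [TYPE_PEAP])
    for p in log:
        print(f"code={p.code} id={p.identifier} type={names[p.type]} data={p.data!r}")
    print("agreed method:", names[agreed])
```

Running the block shows the six-packet exchange in which the server first offers EAP-TLS, the client (which here only has PEAP configured) answers with a Nak, and the server re-issues a Request for PEAP; the Identifier increments with each new Request so that a stale or replayed Response cannot be matched to the wrong round.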
  • 10. Phase 5: Authentication After the EAP authentication method is agreed upon between the client and IAS, the server running IAS sends its server certificate chain to the client computer as proof of identity. The client computer uses the IAS server certificate to authenticate the server running IAS. Successful PEAP-MS-CHAPv2 authentication requires that the client trust the server running IAS after validating the IAS server certificate chain. For the client to trust the server running IAS, the root CA certificate of the issuing CA of the server certificate must be installed in the Trusted Root Certification Authorities certificate store on the client computer. After the client authenticates the server, the client sends password-based user credentials to the server running IAS, which verifies the client credentials against the user accounts database in Active Directory.
    – If the credentials are not valid, IAS sends an Access-Reject message to the AP in response to the connection request.
    – If the credentials are valid, the server running IAS proceeds to the Authorization phase.
  • 11. Phase 6: Authorization The server running IAS performs authorization, as follows:
    a. IAS checks the user or computer account's dial-in properties in Active Directory.
    b. IAS then attempts to find a remote access policy that matches the connection request. If a matching remote access policy is found, IAS authorizes the connection request based on that policy.
  • 12. Phase 7: Access-Accept If the authorization is successful, IAS sends the AP an Access-Accept message. If authorization is not successful, IAS sends an Access-Reject message.
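Slides 7 and 12 describe the RADIUS leg of the exchange: the AP forwards an Access-Request and later receives an Access-Accept or Access-Reject. The following is an added example, not from the slides or from Microsoft IAS: it builds those packets in the RFC 2865 wire format with the Message-Authenticator attribute that RFC 3579 requires whenever EAP-Message attributes are carried, and shows the checks the AP (the NAS) should pass before it trusts a reply and opens the controlled port: the reply's Identifier must match an outstanding request, its Response Authenticator must verify under the shared secret, and its Message-Authenticator must verify too. The shared secret, the identity `user@example.com` and the RADIUS Identifier 7 are constructed values; the code and attribute numbers are the RFC-assigned ones.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Tuple

# RADIUS codes and attribute types (RFC 2865, RFC 3579); NAS-Port-Type 19 = Wireless-IEEE 802.11
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
CODE_NAMES = {ACCESS_REQUEST: "Access-Request", ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}
ATTR_USER_NAME, ATTR_NAS_PORT_TYPE, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 61, 79, 80
NAS_PORT_TYPE_WIRELESS_80211 = 19
Attrs = List[Tuple[int, bytes]]


def encode_attrs(attrs: Attrs) -> bytes:
    out = b""
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value exceeds the RADIUS maximum")
        out += bytes([t, 2 + len(v)]) + v
    return out


def decode_attrs(blob: bytes) -> Attrs:
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        attrs.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return attrs


def build_packet(code: int, ident: int, header_auth: bytes, attrs: Attrs, secret: bytes) -> bytes:
    """Encode a packet and append its Message-Authenticator (RFC 3579 3.2): HMAC-MD5 keyed
    with the shared secret over the whole packet with that attribute zeroed. header_auth is
    what sits in the Authenticator field during the HMAC: the Request Authenticator, both for
    the request itself and for the reply to it."""
    attrs = [a for a in attrs if a[0] != ATTR_MESSAGE_AUTHENTICATOR]
    body = encode_attrs(attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))])
    pkt = struct.pack("!BBH", code, ident, 20 + len(body)) + header_auth + body
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac          # the zeroed value is the last 16 bytes of the packet


def response_authenticator(header: bytes, request_auth: bytes, attr_bytes: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()


def build_access_request(ident: int, attrs: Attrs, secret: bytes) -> bytes:
    """What the AP sends to the RADIUS server; the Request Authenticator is fresh random."""
    return build_packet(ACCESS_REQUEST, ident, os.urandom(16), attrs, secret)


def build_response(code: int, request: bytes, attrs: Attrs, secret: bytes) -> bytes:
    """What the RADIUS server sends back, bound to the request by both authenticators."""
    ident, request_auth = request[1], request[4:20]
    pkt = build_packet(code, ident, request_auth, attrs, secret)
    return pkt[:4] + response_authenticator(pkt[:4], request_auth, pkt[20:], secret) + pkt[20:]


def verify_response(response: bytes, request: bytes, secret: bytes) -> Tuple[bool, str]:
    """The checks the AP must pass before acting on a reply to `request`."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False, "length field does not match the packet"
    code, ident = response[0], response[1]
    if ident != request[1]:
        return False, "identifier does not match the outstanding request"
    request_auth = request[4:20]
    expected = response_authenticator(response[:4], request_auth, response[20:], secret)
    if not hmac.compare_digest(expected, response[4:20]):
        return False, "Response Authenticator mismatch: wrong shared secret or altered packet"
    attrs = decode_attrs(response[20:])
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0]) != 16:
        return False, "Message-Authenticator missing (required with EAP-Message)"
    zeroed = encode_attrs([(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    if not hmac.compare_digest(hmac.new(secret, response[:4] + request_auth + zeroed, hashlib.md5).digest(), mas[0]):
        return False, "Message-Authenticator mismatch"
    return True, CODE_NAMES.get(code, f"code {code}")


def demo(secret: bytes = b"constructed-shared-secret") -> Dict[str, Tuple[bool, str]]:
    """Constructed exchange for a wireless client identifying as user@example.com."""
    identity = b"user@example.com"
    eap_identity = struct.pack("!BBH", 2, 1, 5 + len(identity)) + b"\x01" + identity  # EAP Response/Identity
    request = build_access_request(7, [(ATTR_USER_NAME, identity),
                                       (ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_WIRELESS_80211)),
                                       (ATTR_EAP_MESSAGE, eap_identity)], secret)
    eap_success = struct.pack("!BBH", 3, 1, 4)                       # EAP-Success
    accept = build_response(ACCESS_ACCEPT, request, [(ATTR_EAP_MESSAGE, eap_success)], secret)
    reject = build_response(ACCESS_REJECT, request, [], secret)
    forged = build_response(ACCESS_ACCEPT, request, [(ATTR_EAP_MESSAGE, eap_success)], b"wrong-secret")
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]   # a genuine Reject with only its Code byte rewritten
    return {"genuine": verify_response(accept, request, secret),
            "reject": verify_response(reject, request, secret),
            "forged": verify_response(forged, request, secret),
            "tampered": verify_response(tampered, request, secret)}


if __name__ == "__main__":
    for name, (ok, detail) in demo().items():
        print(f"{name:9s} accepted={ok} ({detail})")
```

Only the two replies built with the real shared secret verify; the reply built without it and the Reject whose Code byte was rewritten both fail at the Response Authenticator, which is why the strength and secrecy of the RADIUS shared secret between AP and IAS server matters as much as the EAP method itself.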
  • 14. Phase 8: 802.1X Controlled Port As part of authentication, 802.1X dynamically generates session keys from which it further derives encryption keys to secure the wireless connection. The encryption keys are configured on both the wireless AP and the client; all subsequent data traffic is protected. The wireless AP enables the controlled port; traffic from the wireless client is allowed to traverse the port.
  • 15. Phase 9: DHCP Address Request The client sends a DHCP address request through the 802.1X controlled port to the network. If a DHCP server responds, the client obtains an IP address.
  • 16. Phase 10: Group Policy Applied If configured, updated Group Policy is applied on the client during the domain logon operation; this includes the Wireless Network (IEEE 802.11) Policies Group Policy extension. Note: For computers already configured with Wireless Network (IEEE 802.11) Policies, Group Policy is applied when the computer is started, and whenever an updated policy is downloaded. If Group Policy is updated on the server while the computer is turned off, the last known policy (which might be stale) is immediately applied when the computer is started. If the 802.1X settings on the computer enable IAS to authorize the computer for network access, updated policies are downloaded and applied when the computer connects to the network, prior to user authentication. If the 802.1X settings on the computer do not enable IAS to authorize the computer for network access at startup, then application of updated policies occurs immediately after user authentication.
  • 17. Phase 11: Network Access The client is able to access network resources, contingent upon any applied restrictions.