Wireless security is very important since the network is open in the air and does not end at our closed walls. Wireless networks offer great potential for exploitation for two reasons; they use the airwaves for communication, and wireless-enabled laptops are ubiquitous.
In our wireless infrastructure we have implemented IEEE 802.1X based Radius authentication system with domain user base. The supplicant (wireless client) authenticates against the RADIUS server (authentication server) using an EAP method configured on the RADIUS server. The gateway APs (authenticator) role is to send authentication messages between the supplicant and authentication server. This means the RADIUS server is responsible for authenticating users.APs perform EAPOL exchanges between the supplicant and convert these to RADIUS Access-requests messages, which are sent to the RADIUS server's IP address and port specified. Gateway APs need to receive a RADIUS Access-accept message from the RADIUS server in order to grant the supplicant access to the network.
IEEE 802.1X can also be used to tunnel wireless traffic onto Virtual LANs that reflect user or group permissions. We are providing and managing multiple different networks for students, staff and research communities behind a common SSID ‘AMRITA-Connect’; an end user connecting to a respective network with their authentication and authorisation.