Occasional Contributor II

What is the difference between L2-Authentication and L3-Auth

What steps should the client follow to connect to an SSID that is tied to an authentication server (LDAP/RADIUS)?

 

Example:

Write the user and password in the SSID,

then get an IP address from DHCP, or does the controller first authenticate it against RADIUS?

Frequent Contributor I

Re: What is the difference between L2-Authentication and L3-Auth

With L3 authentication the client receives an IP address before going through authentication. The client gets IP, is assigned limited access, and then authenticates, typically captive portal. VPN is also a L3 authentication.

 

With L2 authentication the client device does an 802.11 authentication and association. At this point the client can communicate through the controller, but only to do 802.1X/EAP authentication. After the client authentication is successful, the client is assigned a post logon role, allowing the client to obtain an IP address and access the network with whatever permissions are assigned to the client.

 

I hope this helps,

 

David
Sr. Trainer and Author of upcoming "Understanding ArubaOS: Version 8.x" book
Occasional Contributor II

Re: What is the difference between L2-Authentication and L3-Auth

Thanks for your reply.

"At this point the client can communicate through the controller, but only to do 802.1X/EAP authentication" >> Before the user gets an IP, how does it communicate with a controller in a different subnet and authenticate?

Does PSK need L2 or L3?

 

 

Frequent Contributor I

Re: What is the difference between L2-Authentication and L3-Auth

I just described the communication process in a response to another question:

 

https://community.arubanetworks.com/t5/Wireless-Access/Aruba-Wireless-packet-flow-from-user-to-server/m-p/541669#M92198

 

The process is the same except your client is an 802.1X/EAP Supplicant and is sending EAP frames to the AP. The AP is packaging them up the same way as I describe in the other response. When the frames get to the controller, the controller is the 802.1X/EAP authenticator. It will take the frames and process them, ultimately forwarding them to the 802.1X/EAP Authentication Server, such as a ClearPass server.

 

David
Sr. Trainer and Author of upcoming "Understanding ArubaOS: Version 8.x" book
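
The ordering described in the replies above, as an added example that is not part of the thread and is not Aruba code: before authentication an 802.1X (L2) client is only allowed EAPOL frames (EtherType 0x888E), which need no IP address, while an L3 client gets DHCP first under a limited role. The `Station` class, the Ethernet II framing and the "ARP + DHCP only" pre-auth role are assumptions made for illustration.

```python
import struct

ETH_IPV4, ETH_ARP, ETH_EAPOL = 0x0800, 0x0806, 0x888E  # IEEE EtherTypes

def ethertype(frame: bytes) -> int:
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    return struct.unpack("!H", frame[12:14])[0]

def is_dhcp_request(frame: bytes) -> bool:
    """True for IPv4/UDP addressed to the DHCP server port (67)."""
    if ethertype(frame) != ETH_IPV4 or len(frame) < 34:
        return False
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length
    if frame[23] != 17 or len(frame) < 14 + ihl + 4:  # protocol 17 = UDP
        return False
    return struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0] == 67

class Station:
    """Hypothetical per-client gate, as the authenticator would apply it."""
    def __init__(self, mode: str):
        if mode not in ("l2", "l3"):
            raise ValueError(mode)
        self.mode, self.authenticated = mode, False

    def admits(self, frame: bytes) -> bool:
        if self.authenticated:
            return True   # post-logon role; its own ACLs are not modelled
        if self.mode == "l2":
            return ethertype(frame) == ETH_EAPOL  # EAP only, no IP yet
        # l3: limited pre-auth role (assumed here: ARP + DHCP only)
        return ethertype(frame) == ETH_ARP or is_dhcp_request(frame)

# Constructed sample frames (not captured traffic)
def _eth(etype: int, payload: bytes) -> bytes:
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + payload

def _ipv4(proto: int, l4: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                      proto, 0, bytes(4), b"\xff" * 4)
    return _eth(ETH_IPV4, hdr + l4)

EAPOL_START = _eth(ETH_EAPOL, b"\x01\x01\x00\x00")              # version 1, Start
DHCP_DISCOVER = _ipv4(17, struct.pack("!HHHH", 68, 67, 8, 0))    # UDP 68 -> 67
HTTP_SYN = _ipv4(6, struct.pack("!HH", 49152, 80) + bytes(16))   # TCP -> 80

if __name__ == "__main__":
    for mode in ("l2", "l3"):
        sta = Station(mode)
        for name, f in (("EAPOL", EAPOL_START), ("DHCP", DHCP_DISCOVER), ("HTTP", HTTP_SYN)):
            print(mode, name, "admitted" if sta.admits(f) else "dropped")
```

On a real captive-portal role the pre-auth HTTP request would be redirected to the portal rather than silently dropped; the model only shows what is forwarded as-is.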
Frequent Contributor I

Re: What is the difference between L2-Authentication and L3-Auth

PSK is technically a L2 authentication, even though there is not actually any "authentication" occurring in the sense of authenticating an identity. In this type of scenario, I sometimes will refer to it as a L2 access, although it is still technically a L2 authentication. If the PSK is valid, then you can transmit frames that the AP can understand, and you will then have access, and can then obtain an IP address. If the PSK is not valid, then the AP will not understand your frames, and you will not be able to get an IP address.

 

Even an Open SSID technically uses L2 authentication. If you know the SSID, and connect to it, you can then get an IP address. If you don't know the SSID, or don't try to connect to it, you cannot obtain an IP address.

 

I hope this helps,

 

David
Sr. Trainer and Author of upcoming "Understanding ArubaOS: Version 8.x" book