IEEE 802.1x authentication procedure

In this section, we will use our user space daemon to test the performance of IEEE 802.1x authentication during handoff. We use single mobile station handoff between two access points and two mobile stations handoff between two access points to compare the performance of our architecture with the traditional one.

Fig 4.6 shows the result of single mobile station handoff between two access points for 1000 times in our architecture and 30 times in the traditional wireless LAN. In our architecture, access router which has high computation power plays a role as authenticator in IEEE 802.1x. It can provide a better and more stable service to mobile stations. In addition, if mobile station handoff under the same access router, the modified IEEE 802.1x authentication procedure which we present in this thesis can greatly decrease the handoff

0 5 10 15 20 25 30

Figure 4.4: Handoff time of each station in traditional WLAN: two STAs execute IEEE 802.11 handoff between two different access points.

delay time. Therefore, if the IEEE 802.1x authentication procedure is required, mobile stations will handoff more smoothly and fast in our architecture than traditional wireless LAN architecture.

Fig 4.7 shows the result of two mobile stations execute IEEE 802.1x handoff for 1000 times in our architecture. Fig 4.8 is the total handoff time and difference of handoff time between two mobile stations of every round in Fig 4.7. Fig 4.9 is the result of two mobile stations execute IEEE 802.11 handoff for 30 times in the traditional wireless LAN architecture. Fig 4.10 shows the total handoff time and difference of handoff time of two mobile stations of every round in Fig 4.9. Handoff time of every station and total handoff time of two stations stands for the stability of service quality of the system. The difference of handoff time between two mobile stations in every round stands for the fairness of the system. With the centralized architecture and modified IEEE 802.1x authentication

0 5 10 15 20 25 30 0

20 40 60 80 100 120 140 160 180 200 220

Round

Time(s)

Time of STA1 + Time of STA2 ABS( Time of STA1 − Time of STA2 )

Figure 4.5: The time of IEEE 802.11 in handoff traditional WLAN: total handoff time and difference of handoff time of two station.

procedure, stations in our architecture will not only handoff more smoothly but also gain a fair service quality. The handoff time of each mobile station in every round are almost the same and the difference of handoff time between the two mobile station in each round is almost the same, too.

0 5 10 15 20 25 30

Figure 4.6: Total time of IEEE 802.1x handoff in two architectures: single STA handoff between two different access points.

0 5 10 15 20 25 30

Figure 4.7: Handoff time of each station in our architecture: two STAs execute IEEE 802.1x handoff between two different access points.

0 5 10 15 20 25 30

Figure 4.8: The time of IEEE 802.1x handoff in our architecture: total handoff time and difference of handoff time of two stations.

0 5 10 15 20 25 30

Figure 4.9: Handoff time of each station in traditional WLAN: two STAs execute IEEE 802.1x handoff between two different access points.

0 5 10 15 20 25 30 0

20 40 60 80 100 120 140 160 180 200

Round

Time(s)

Time of STA1 + Time of STA2 ABS( Time of STA1 − Time of STA2 )

Figure 4.10: The time of IEEE 802.1x in handoff traditional WLAN: total handoff time and difference of handoff time.

Chapter 5 Conclusion

Traditional wireless LAN architecture has many drawbacks such as inconvenient to man-agement the network, high construction cost and low wireless access performance. In this thesis, we implement a new wireless LAN architecture base on the thin access point architecture and use it to work with the IEEE 802.1x model. Our system architecture has five advantages:

1. Centralized management

Centralized architecture reduces the overhead for us to do network management.

For example, we can manage the network to enhance the network performance at the access router instead of configuring every access point individually.

2. Fast handoff

With the modified IEEE 802.1x authentication procedure, if the user moves around different access points, the handoff latency can be reduced to meet the requirement

of the real-time multimedia application.

3. Load balance

Access router will attempt to achieve load balance of network according to the network condition. Mobile station will associate to access router through the access point which has lower load to get better service quality.

4. Low construction cost

Because the thin APs don’t implement much more than the 802.11 standard, they generally cost-less. We can construct a wireless LAN environment with a lower total cost.

5. High wireless access quality

In our architecture, access point plays a role as layer 2 repeater, the work which needs high system resource has been moved to access router. So, access point release more resource to handle the traffic of mobile station in stead of handling the other non-traffic task such as IEEE 802.1x authentication procedure. As a result, mobile station can get better wireless access quality from access point.

6. Low data duplication

Some other architectures need the pre-authentication procedure to achieve fast handoff, it will cause the duplication of user data in access points. Our

archi-tecture, by comparison, has essence superior to those architecture such that we can achieve fast handoff without any duplication of user data.

With the performance evaluation results, we prove that our new architecture works better than the existed traditional one and the handoff delay time is shorter over two cases, IEEE 802.11 handoff and IEEE 802.1x handoff.

Bibliography

[1] ”Port-Based Network Access Control”, IEEE std 802.1x, 2001, http://standards.ieee.org/getieee802/802.1.html

[2] C. Rigney, S. Willens, A. Rubens, and W. Simpson, ”Remote Authentication Dial In User Service (RADIUS)”, RFC-2865, June 2000

[3] Host AP driver for Intersil Prism2/2.5/3 and WPA Supplicant. [Online]. Available:

http://hostap.epitest.fi/

[4] L. Blunk, and J. Vollbrecht, ”PPP Extensible Authentication Protocol (EAP)”, RFC-2284, March 1998

[5] P. Calhoun, B. O’Hara, S. Kelly, R. Suri and D. Funato, ”Light Weight Access Point Protocol (LWAPP)”, draft-calhoun-seamoby-lwapp-03, June 2003

[6] RedHat. [Online]. Available: http://www.redhat.com/

[7] FreeRADIUS. [Online]. Available: http://www.freeradius.org/

[8] WLAN Total Cost of Ownership : Compairing Centralized and Distributed Archi-tecture. [Online]. Available: http://www.arubanetworks.com/pdf/wlan-tco.pdf/

[9] CAPWAP - A list for CAPWAP technical discussions . [Online]. Available:

http://mail.frascone.com/mailman/listinfo/capwap/

[10] Mattbew S. Gast, ”802.11 Wireless Networks: The Definitive Guide”, O’REILLY, April 2002