The WPA2 standard defines three entities:
As far as I understand, when you buy a regular access point, there is a built-in authentication server.
My book says that in general (not mentioning built-in AS) RADIUS is most often used. Is RADIUS the standard authentication method in most APs?
I was told once that my school was considered changing to RADIUS, but if RADIUS is in every AP, what was meant by that?
RADIUS requires a server in order to authenticate its users. Typically when you are setting up a new wireless network and you want to use an added layer of security you can use RADIUS to allow only authenticated users to connect to the network. These can typically be setup using AD tied to your RADIUS deployment so that you can have your users connect to the network via preshared key and domain credentials.
But overall yes there is normally a basic built in authentication server in every wireless router it is what allows for the pre shared key or utilization of the Radius server.
RADIUS is a client/server protocol. Effectively, the client speaks RADIUS protocol to the server to ask if the authentication information provided is accurate. The AP is the client and there is another computer that is the server.
Your school was considering changing to using RADIUS either from some other authentication protocol, or from authentication directly on the AP.
