The question I have is when is there going to be a standard that has inherent security features built into the transfer and validation of the user? It seems that 802.1x (using Radius to authenticate the user) is a valid choice but there is another standard that I am hearing about called 802.1u, which incorporates encryption and authentication into one known standard.
On the other hand, corporate WLAN operators do take steps to restrict access and hide both credentials and data sent over the air. The 802.1X standard defines a framework for port-based access control based on the Extensible Authentication Protocol (EAP). As you note, 802.1X does not itself use cryptography to secure the authentication process and exchange of credentials. 802.1X leaves that up to EAP. The 802.1aa standard now underway provides corrections and improvements to 802.1X.
Some EAP types have built-in security. For example, EAP-TLS provides mutual authentication based digital signatures (I.E., certificates, smart cards), negotiated over an encrypted TLS session. Protected EAP (PEAP) authenticates the server by digital signature, launches an encrypted TLS session, and authenticates the user over that secure session by another method (I.E., passwords, tokens). There are other EAP types that offer weak security, including EAP-MD5 and Cisco LEAP, so it's important to choose an EAP type that meets your security needs. EAP types are defined by the IETF, not the IEEE. To learn more, visit the IETF's EAP working group status page.
IEEE 802.1u provides corrections and updates to the 802.1Q standard on Virtual LANs (VLANs). The only relationship that I can see is that VLANs can be used with 802.1X and RADIUS to supply a wireless station with a specific VLAN tag, based on authenticated identity and access rights defined in the user database. But I don't think 802.1u is the standard with built-in security that you've been hearing about -- perhaps you meant 802.11i, which is another standard underway to improve the security built into all 802.11 wireless LANs. To learn more about 802.11i, visit the IEEE 802.11 TGi Update page.
This was first published in February 2004