1-1
1 802.1x Configuration
Introduction to 802.1x
The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address
security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism
for LAN ports to address mainly authentication and security problems.
802.1x is a port-based network access control protocol. It authenticates and controls devices
requesting for access in terms of the ports of LAN access devices. With the 802.1x protocol employed,
a user-side device can access the LAN only when it passes the authentication. Those fail to pass the
authentication are denied when accessing the LAN.
Architecture of 802.1x Authentication
As shown in Figure 1-1, 802.1x adopts a client/server architecture with three entities: a supplicant
system, an authenticator system, and an authentication server system.
Figure 1-1 Architecture of 802.1x authentication
z The supplicant system is an entity residing at one end of a LAN segment and is authenticated by
the authenticator system at the other end of the LAN segment. The supplicant system is usually a
user terminal device. An 802.1x authentication is triggered when a user launches client program on
the supplicant system. Note that the client program must support the extensible authentication
protocol over LAN (EAPoL).
z The authenticator system is another entity residing at one end of a LAN segment. It authenticates
the connected supplicant systems. The authenticator system is usually an 802.1x-supported
network device (such as a 3Com series switch). It provides the port (physical or logical) for the
supplicant system to access the LAN.
z The authentication server system is an entity that provides authentication service to the
authenticator system. Normally in the form of a RADIUS server, the authentication server system
serves to perform AAA (authentication, authorization, and accounting) services to users. It also
To Next Page
Loading...