An IEEE standard for network access control. Used predominantly in Wi-Fi wireless networks, 802.1X keeps the network port disconnected until authentication is completed. Depending on the results, the port is either made available to the user, or the user is denied access to the network.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that provides the network port to the client is the "authenticator." In a wireless network, the authenticator is in the access point (AP). In a dial-up network, the authenticator is in the network access server (NAS). The device that contains usernames and passwords and authorizes the user is the "authentication server." In small networks, the authentication server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authentication messages. EAP comes from the dial-up environment, but "EAP Over LAN" (EAPOL) was created for packet networks such as Ethernet. 802.1X uses EAPOL to start and end the authentication session and pass EAP messages between the supplicant and authenticator and from the supplicant to the authentication server (via the authenticator). EAP messages from the authenticator to the authentication server typically use the RADIUS protocol. See EAP.
An 802.1X Network
The 802.1X protocol resides in the access point (the "authenticator"). The protocol keeps the port open until it receives authorization from an authentication server.
Supplicant - Authenticator - Server
The client desiring access to a network is called the "supplicant." The device that provides the network port to the client is the "authenticator." In a wireless network, the authenticator is in the access point (AP). In a dial-up network, the authenticator is in the network access server (NAS). The device that contains usernames and passwords and authorizes the user is the "authentication server." In small networks, the authentication server can be located in the same unit as the authenticator.
EAP Over LAN (EAPOL)
802.1X uses the Extensible Authentication Protocol (EAP) for passing authentication messages. EAP comes from the dial-up environment, but "EAP Over LAN" (EAPOL) was created for packet networks such as Ethernet. 802.1X uses EAPOL to start and end the authentication session and pass EAP messages between the supplicant and authenticator and from the supplicant to the authentication server (via the authenticator). EAP messages from the authenticator to the authentication server typically use the RADIUS protocol. See EAP.
An 802.1X Network
The 802.1X protocol resides in the access point (the "authenticator"). The protocol keeps the port open until it receives authorization from an authentication server.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Elektron 2.1.2376 (Mac)
- Elektron is server software providing RADIUS/802.1X authentication services for Wi-Fi networks. Using Elektron, small businesses can enable the WPA Enterprise features of their Wi-Fi hardware, including popular equipment from makers like Linksys, D-Link, Apple, Cisco, and Netgear, enhancing both network user management and data encryption. With Elektron installed, every user...
- Software downloads 2009-10-03
- Vulnerability Analysis of Extensible Authentication Protocol (EAP) DoS Attack Over Wireless Networks
- IEEE 802.11 supports 802.1x to provide strong authentication mechanism for Wireless networks. 802.1x utilizes Extensible Authentication Protocol EAP as a framework for authentication, allowing for a number of authentication methods to be used. Unfortunately, 802.1x includes some unprotected EAP packets during authentication process which can be easily exploited by an...
- White papers 2009-07-01
- Maingear introduces 'world's greenest gaming PC' for $799
- Claiming a title not unlike the "world's most fuel-efficient sports car," high-performance computer manufacturer Maingear has introduced its Pulse, a small form factor gaming PC based on NVIDIA ION graphics. Maingear says the Pulse is the world's first "ION-based" PC that can be...
- Blog posts 2009-06-05
- 802.1X Implementation: Choosing the Best Supplicant for Your Network Access Solution
- 802.1X allows for a network end station such as a desktop, laptop, printer, or IP phone, to provide a network device switch or access point the credentials to identify itself and request access to the network. It is an industry standard that is supported by most enterprise-networking equipment. Today's networks...
- White papers 2009-05-01
- Cisco's Chambers says security can no longer be an after-thought
- Cisco's Chambers says security can no longer be an after-thoughtSecurity adoption is the issue, not technology per seOne example - 802.1X authentication allows a LAN to ensure only authenticated devices can access the wired network, much as WPA ensures only authenticated wireless clients can connect to a WLAN. You can...
- Discussion threads 2009-04-27
- Apple Mac Mini (2.0GHz Intel Core 2 Duo, 120GB, Winter 2009)
- Apple breathed fresh air into its line of Mac Minis, whose specs haven't changed since an update in August 2007. With this $599 model, Apple adds significantly improved Nvidia graphics, a new 2GHz Intel Core 2 Duo processor, and a larger hard drive. Those changes are welcome, and we're also...
- Product reviews 2009-03-05
- Gateway DX4200-09
- The DX4200-09 is another one of Gateway's midrange PCs built for light to moderate users in mind. Spending $510 on this model gives you a 1.8GHz quad-core CPU, 4GB of RAM, an integrated graphics chip, and a 640GB hard drive. If you can stretch your budget a bit and put...
- Product reviews 2009-02-27
- HP Firebird 803 with VoodooDNA
- We suspect many hard-core PC gamers will be turned off by the HP Firebird 803 ("with VoodooDNA", according to the official product name) because it lacks upgradeability. Fair enough. For everyone else who might consider spending $2,099 on a gaming desktop, you will find it awfully hard to turn away...
- Product reviews 2009-02-21
- 802.1X: Port-Based Authentication Standard for Network Access Control (NAC) - A Secure, Strong and Flexible Framework for Network Access Control (NAC)
- The 802.1X standard is the Institute of Electrical and Electronics Engineers IEEE standard for port-based network access control. The 802.1X standard delivers powerful authentication and data privacy as part of its robust, extensible security framework. It is this strong security, assured authentication, and stout data protection that has made the...
- White papers 2009-02-01
- SNRS - Securing Networks with Cisco Routers & Switches v3.0
- View Available Dates and LocationsDiscover advanced concepts in IOS router and switch security in this course that starts where IINS v1.0, core training for the CCNA Security Associate certification, stops. In SNRS v3.0, a component in the Cisco Certified Security Professional certification, you will take your IOS...
- Training 2008-11-01
- Go ahead...bring in your laptop
- Go ahead...bring in your laptopWe allow people to use their ownso long as they allow me to install security software and updates and inspect the machines at my discretion. Those who do use their own see this as me doing them a favor, not the other way around.I use my...
- Discussion threads 2008-08-26
- Apple announces iPhone 3G; firmware 2.0
- As was widely expected, Apple today announced the iPhone 3G and formally demonstrated the new features coming in the iPhone 2.0 firmware update. Both will be available beginning on 11 July 2008:iPhone 3G features: 3G data that is 2.8 times faster than EDGE...
- Blog posts 2008-06-09
- WWDC keynote highlights: iPhone 2.0, MobileMe
- Steve Jobs has taken the stage at WWDC and here's what we know so far: The next version of Mac OS X is indeed called "Snow Leopard" In the first 95 days of the SDK being available, over 250k people have downloaded it. iPhone 2...
- Blog posts 2008-06-09
- Hardware 2.0 WWDC "blogging the blogs" coverage
- Unfortunately a series of prior commitments meant that I couldn't make it to WWDC 08. Since I can't be there, I've decided to do the second best thing and cover WWDC from the angle of "blogging the blogs." So, here I am sitting in front of three...
- Blog posts 2008-06-09
- Apple releases Mac OS 10.5.3; includes Google contact sync (updated)
- Apple today released Mac OS 10.5.3 via Software Update advisory. The 10.5.3 Combo Update weighs in at 536MB while the regular 10.5.3 Update is 420MB. The 10.5.3 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the...
- Blog posts 2008-05-28
- What is the U.S. doing about security?
- What is the U.S. doing about security?NateI enjoy your posts and the obvious expertise you bring to them. Even though these cards are a bad security idea, this is but a small piece of the border security pie. The total budgets you are referencing cover a lot more...
- Discussion threads 2008-05-21
- Netgear announces new switches, access point at Interop
- Netgear launched at Interop a handful of new switches that introduce static routing capabilities to the company’s SMB product line. It also unveiled an 802.11n dual-band access point that brings in support for the 5GHz spectrum. New ProSafe Gigabit Smart Switches deliver PoE,...
- Blog posts 2008-04-29
- Securing WLANs With Two-Factor Authentication
- While advances in wireless protocols have made major improvements in enabling WLAN security, two-factor authentication is crucial to protecting wireless networks from intrusion. Organizations can deploy wireless VPNs or can offer native WLAN access without the need to deploy and manage VPN client software, and they can implement two-factor authentication...
- White papers 2008-03-01
- Design flaw in wireless VoIP handsets endanger the enterprise
- Update 2/23/2008 - Cisco confirms vulnerability in 7921 Wi-Fi IP phone Security conscious businesses and organizations who implemented 802.1x/EAP enterprise-grade authentication are at risk with certain implementations of wireless LAN VoIP handsets. I have verified that Vocera Communications is one of the vulnerable vendors and I have...
- Blog posts 2008-02-20
- Give me Ubuntu or, well, give me something else
- Give me Ubuntu or, well, give me something elseThe post DOJ judgement agreement gave MS more power.http://talkback.zdnet.com/5208-3513-0.html?forumID=1&threadID=27634&messageID=518780&start=-9922You do raise a valid point I have been bringing up multiple time. [B]If the PC is already proven and verified with both XP and Vista or Ubuntu for that matter [/B]Why doesn't Dell...
- Discussion threads 2008-01-30
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
