8
802.1X
An IEEE standard for port-based network access control that authenticates devices before granting network access using EAP and RADIUS.
What is 802.1X?
802.1X is an IEEE standard for port-based network access control (PNAC). It provides an authentication framework for devices connecting to wired or wireless networks, ensuring only authorized users and devices gain access.
802.1X Components
- Supplicant: Client software on the connecting device
- Authenticator: Network device (switch, access point) controlling access
- Authentication Server: Typically a RADIUS server verifying credentials
How 802.1X Works
- Device connects to network port (port starts blocked)
- Authenticator requests identity
- Supplicant provides credentials via EAP
- Credentials forwarded to authentication server
- Server validates and responds (accept/reject)
- Authenticator opens port or denies access
EAP Methods
- EAP-TLS: Certificate-based, most secure
- PEAP: Password with TLS tunnel
- EAP-TTLS: Tunneled TLS authentication
- EAP-FAST: Cisco's flexible authentication
Benefits
- Strong authentication before network access
- Dynamic VLAN assignment per user
- Support for wired and wireless networks
- Integration with existing directory services
- Granular access control