Logo

802.1x (Port Based Network Access Control)

Posted by Security, Cisco, CCNA, Huawei, HCNA
802.1x-EAP-RADIUS-Messaging

802.1x (Port Based Network Access Control)

802.1x is a LAN Security Mechanism that provides port based access control in the network devices. In 802.1x mechanism, devices needs to be authenticated before accessing the network.

802.1x Roles

In 802.1x mechanism, there are three roles.These 802.1x roles are :

 

• Supplicant
• Authenticator
• Authentication Server

 

Supplicant : The device that need to be authenticated before network access

 

Authenticator : The device that the other devices authentication needed devices are connected. A central point to come together.

 

Authentication Server : The device that checks the supplicant and provides authentication or not.

Here, let’s go through an example. Think about that you are a new employee in a company and you have just get your laptop. You would like to connect the company’s network. Here, the login client that your company has given to you, is the Supplicant.

 

• Your Client (Supplicant)

 

802.1x-Components

If your company is using 802.1x authentication, it has two main configurations in the company network for network users. These configurations are done by the company it staff to secure company network. These configurations are:

 

• Switch’s 802.1x Configuration (Authenticator)
• AAA Server Configuration (Authentication Server)

 

The company switch port that you are connected to, must be configured with 802.1x. Beside, usernames and passwords of the clients(Supplicant), must be defined in the AAA Server.

So, when you try to connect the company’s network, you need to be authenticated. This authentication is done by company’s Authentication Server through the switch (Authenticator) that you are connected to.

 

Here the process works like below:

1) Network Connection Request to Authenticator (Switch)
2) Identity Request to Supplicant (Host)
3) User & Password are Sent to Authenticator (Switch)
4) Authentication Check Request to Authentication Server (AAA Server)
5) At Server Authentication will be confirmed and Authorization will be sent to Authenticator (Switch)

 

There is an Authentication Protocol use with 802.1x that is used between Supplicant (Host) and Authentication Server (AAA Server). The name of this protocol is EAP (Extensible Authentication Protocol) . With EAP, Supplicant and Authenticator determines the Authentication method.

 

Here, there are different other protocols and encapsulation technologies are used between Supplicant, Authenticator and Authentication Server.

 

The technology between Supplicant and Authenticator, is Ethernet, a leyer 2 technology. Here, the EAP packets are transfered in ethernet frame with EAP over LAN (EAPol) encapsulation.

 

The protocols used between Authenticator and Authentication Server are RADIUS or Diameter Protocols.

 

EAP and RADIUS Messages

Now, let’s think about a 802.1x process with RADIUS and check both EAP and RADIUS messages between the three components of 802.1x.

 

802.1x-EAP-RADIUS-Messaging

Related posts:

802.1x-ComponentsEAPoL (Extensible Authentication Protocol over LAN) packet-tracer-radius-conf -RADIUS Configuration on Packet Tracer aaa-authentication-tableAuthentication, Authorization, Accounting (AAA) radius-messagingRADIUS Overview tacacs-messagingTACACS+ Overview

Previous

Next

Comments are closed.
Latest Lessons
Latest Blog Posts
how-ransomware-attack-works-ipcisco.com
Ransomware Attack
1 Dec, 2023
top-network-certifications-2024-ipcisco.com
Top 10 Network Certifications 2024
3 Nov, 2023
kali-linux-download-vmware-installation-ipcisco.com
Download Kali Linux and VMware Workstation Player Installation
23 May, 2023
what-is-ChatGPT-ipcisco
What is ChatGPT and How to Use It?
17 May, 2023
what-is-new-in-ccnp-encor-v1.1-ipcisco.com
What is New in CCNP ENCOR v1.1 Exam?
28 Mar, 2023

WHAT YOU WILL FIND?

  • 250.000+ Students All Over The World
  • 8.000+ Questions & Answers
  • 100+ Lab Files & Cheat Sheets
  • 30+ IT/Network Courses
  • A Real Desire To Help You
  • Daily Social Media Shares
  • %100 Satisfaction

COURSES

SPECIALS

MEMBERSHIP

 

CONTACT

  • Pärnu mnt. 139c – 14, 11317, Tallinn, Estonia
  • info@ipcisco.com
Copyright © 2018-2024 IPCisco         Disclaimer          Privacy Policy       Distance Selling Contract