39 802.1X C ONFIGURATIONIntroduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WANcommittee to address security issues of wireless LANs. It was then used in Ethernetas a common access control mechanism for LAN ports to address mainlyauthentication and security problems.802.1x is a port-based network access control protocol. It authenticates andcontrols devices requesting for access in terms of the ports of LAN access controldevices. With the 802.1x protocol employed, a user-side device can access the LANonly when it passes the authentication. Those failing to pass the authenticationare denied when accessing the LAN, as if they are disconnected from the LAN.Architecture of 802.1xAuthentication802.1x adopts a client/server architecture with three entities: a supplicant system,an authenticator system, and an authentication server system, as shown inFigure 88.Figure 88 Architecture of 802.1x authentication■ The supplicant system is an entity residing at one end of the LAN segment andis authenticated by the authenticator system connected to the other end of theLAN segment. The supplicant system is usually a user terminal device. An802.1x authentication is initiated when a user launches client program on thesupplicant system. Note that the client program must support the EAPoL(extensible authentication protocol over LANs).■ The authenticator system authenticates the supplicant system. Theauthenticator system is usually an 802.1x-supported network device (such as a3Com series switch). It provides the port (physical or logical) for the supplicantsystem to access the LAN.■ The authentication server system is an entity that provides authenticationservice to the authenticator system. Normally in the form of a RADIUS server,Supplicant PAESupplicant systemServices offered byauthenticatorÿ ssystemAuthenticatorPAEAuthenticator system Authenticationserver systemAuthenticationserverEAP protocolexchangescarried inhigher layerprotocolPortunauthorizedLAN/ WLAN