Operation Manual – 802.1xH3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration1-1Chapter 1 802.1x Configuration1.1 Introduction to 802.1xThe 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WANcommittee to address security issues of wireless LANs. It was then used in Ethernet asa common access control mechanism for LAN ports to address mainly authenticationand security problems.802.1x is a port-based network access control protocol. It authenticates and controlsdevices requesting for access in terms of the ports of LAN access control devices. Withthe 802.1x protocol employed, a user-side device can access the LAN only when itpasses the authentication. Those fail to pass the authentication are denied whenaccessing the LAN, as if they are disconnected from the LAN.1.1.1 Architecture of 802.1x Authentication802.1x adopts a client/server architecture with three entities: a supplicant system, anauthenticator system, and an authentication server system, as shown in the followingfigure.Supplicant PAESupplicant systemAuthenticationserverAuthenticationserver systemServic es pr ovided byauthenticator Authenticator PAEAuthenticator systemPort undercontrolPort not authorized Port notUndercontrolLAN/WLANSupplicant PAESupplicant systemAuthenticationserverAuthenticationserver systemServic es pr ovided byauthenticator Authenticator PAEAuthenticator systemControlled port Port not authorizedUncontrolledportLAN/WLANSupplicant PAESupplicant systemAuthenticationserverAuthenticationserver systemServic es pr ovided byauthenticator Authenticator PAEAuthenticator systemPort undercontrolPort not authorized Port notUndercontrolLAN/WLANSupplicant PAESupplicant systemAuthenticationserverAuthenticationserver systemServic es pr ovided byauthenticator Authenticator PAEAuthenticator systemControlled port Port not authorizedUncontrolledportLAN/WLANFigure 1-1 Architecture of 802.1x authenticationz The supplicant system is an entity residing at one end of a LAN segment and isauthenticated by the authenticator system connected to the other end of the LANsegment. The supplicant system is usually a user terminal device. An 802.1xauthentication is triggered when a user launches client program on the supplicantsystem. Note that the client program must support the EAPoL (extensibleauthentication protocol over LANs).