59802.1X overview802.1X is a port-based network access control protocol initially proposed for securing WLANs, and ithas also been widely used on Ethernet networks for access control.802.1X controls network access by authenticating the devices connected to 802.1X-enabled LAN ports.802.1X architecture802.1X operates in the client/server model. It comprises three entities: the client (the supplicant), thenetwork access device (the authenticator), and the authentication server.Figure 21 802.1X architecture• Client—A user terminal seeking access to the LAN. It must have 802.1X software to authenticate tothe network access device.• Network access device—Authenticates the client to control access to the LAN. In a typical 802.1Xenvironment, the network access device uses an authentication server to perform authentication.• Authentication server—Provides authentication services for the network access device. Theauthentication server authenticates 802.1X clients by using the data sent from the network accessdevice, and returns the authentication results to the network access device to make access decisions.The authentication server is typically a RADIUS server. In a small LAN, you can use the networkaccess device as the authentication server.Controlled/uncontrolled port and portauthorization status802.1X defines two logical ports for the network access port: controlled port and uncontrolled port. Anypacket arriving at the network access port is visible to both logical ports.• Controlled port—Allows incoming and outgoing traffic to pass through when it is in the authorizedstate, and denies incoming and outgoing traffic when it is in the unauthorized state, as shownin Figure 22. The controlled port is set in authorized state if the client has passed authentication, andin the unauthorized state, if the client has failed authentication.• Uncontrolled port—Is always open to receive and transmit authentication packets.