MN700004 Rev 01 36034. 802.1X Port-BasedAuthenticationIntroductionThe IEEE 802.1X standard offers a method for controlling port access in a central location ona user or device basis. 802.1X helps to facilitate the control of networks.The 802.1X (or dot1x) standard relies on the supplicant (user or client that requestsauthentication) to provide credentials in order to gain access to the network. The credentialscan be a username/password combination or a certificate. The credentials are not verified bythe switch but are sent to a Remote Authentication Dial-In User Service (RADIUS) server,which maintains a database of authentication information.Dot1x acts as Authenticators in a local network. BiNOS supports the MD5 authenticationmethod without accounting.Feature OverviewIEEE 802.1X standard relies on the Extensible Authentication Protocol (EAP) and passes itover a wired or wireless LAN. EAP is an authentication protocol that provides a frameworkfor authentication methods instead of simply employing usernames and passwords for access.The protocol in 802.1X is called EAP encapsulation over LANs (EAPOL). Communicationbetween supplicants in the network and the Authentication Server is performed throughEAPOL packets.802.1X consists of three components for port control – Supplicant, Authentication Server andAuthenticator.SupplicantA supplicant is the user or client that wants to be authenticated. This is the end device thatconnects to a switch and requests to use the services (port) of the device. The 802.1Xsupplicant must be able to respond to EAP packets.Authentication ServerAuthentication Server is the actual server that authenticates the supplicants and typically, thisis a RADIUS server. The RADIUS server examines the credentials provided to theauthenticator from the supplicant and provides the authentication service.AuthenticatorAuthenticator is the device in-between the supplicant and the authentication server. The802.1X key point is that the authenticator is very simple as the supplicant and theauthentication server performs most of the authentication process.
