Overview of 802.1X Authentication
Definition
802.1X defines a port-based network access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated.
Benefits
- 802.1X is a Layer 2 protocol and does not involve Layer 3 processing. It does not require high performance of access devices, reducing network construction costs.
- Authentication packets and data packets are transmitted through different logical interfaces, improving network security.
802.1X Authentication System
As shown in Figure 1, the 802.1X authentication system uses a standard client/server architecture with three components: client, access device, and authentication server.
- The client is usually a user terminal. The user triggers 802.1X authentication using client software. The client must support Extensible Authentication Protocol over LAN (EAPoL).
- The access device is usually a network device that supports the 802.1X protocol. It provides a port, either physical or logical, for the client to access the LAN.
- The authentication server, typically a RADIUS server, carries out authentication, authorization, and accounting on users.