beautypg.com

Introduction, 1x system components – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1060

background image

802.1X Introduction and Configuration

Software Reference for x310 Series Switches

40.2

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Introduction

802.1X is an IEEE standard providing a mechanism for authenticating devices attached to a
LAN port or wireless device. Devices wishing to access services behind a port must
authenticate themselves before any Ethernet packets are allowed to pass through. The
protocol is referred to as 802.1X because it was initially defined in the IEEE standard
802.1X, published in 2001 and revised in 2004 and again as the current 802.1X 2010
standard.

Networks have two important requirements:

Security: Authentication and Authorization

Flexibility: The ability for users to roam

Networks need a device authentication method that is highly secure, but not tied to a
port’s physical location. Network resources presented to a given user need to be
determined from their authentication credentials.

802.1X user authentication satisfies these requirements. It is relatively uncomplicated and
has little impact on network performance. It is a protocol that is medium-independent —
being equally as effective on wireless connections (802.11i) and wired connections.
802.1X user authentication is rapidly becoming an expected component on networks.

802.1X System Components

There are three main components to a system using 802.1X port authentication control:

Authenticator: The device that wishes to enforce authentication before allowing
access to services that are accessible behind it. An example of this is a switch that has
802.1X port authentication control enabled.

Supplicant: The client that wishes to access services offered by the authenticator’s
system. An example of this is a Windows XP Professional PC with an 802.1X client.

Authentication server: The device that uses the authentication credentials supplied
by the supplicant, to determine if the authenticator should grant access to its services.
The AlliedWare Plus implementation of 802.1X supports the use of a RADIUS
authentication server using Extensible Authentication Protocol (EAP) in conjunction
with RADIUS.

Switch

RADIUS

Server

Supplicants

Authenticator

Authentication Server