Introduction, 1x system components – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 1060

802.1X Introduction and Configuration
Software Reference for x310 Series Switches
40.2
AlliedWare Plus
TM
Operating System - Version 5.4.4C
C613-50046-01 REV A
Introduction
802.1X is an IEEE standard providing a mechanism for authenticating devices attached to a
LAN port or wireless device. Devices wishing to access services behind a port must
authenticate themselves before any Ethernet packets are allowed to pass through. The
protocol is referred to as 802.1X because it was initially defined in the IEEE standard
802.1X, published in 2001 and revised in 2004 and again as the current 802.1X 2010
standard.
Networks have two important requirements:
■
Security: Authentication and Authorization
■
Flexibility: The ability for users to roam
Networks need a device authentication method that is highly secure, but not tied to a
port’s physical location. Network resources presented to a given user need to be
determined from their authentication credentials.
802.1X user authentication satisfies these requirements. It is relatively uncomplicated and
has little impact on network performance. It is a protocol that is medium-independent —
being equally as effective on wireless connections (802.11i) and wired connections.
802.1X user authentication is rapidly becoming an expected component on networks.
802.1X System Components
There are three main components to a system using 802.1X port authentication control:
■
Authenticator: The device that wishes to enforce authentication before allowing
access to services that are accessible behind it. An example of this is a switch that has
802.1X port authentication control enabled.
■
Supplicant: The client that wishes to access services offered by the authenticator’s
system. An example of this is a Windows XP Professional PC with an 802.1X client.
■
Authentication server: The device that uses the authentication credentials supplied
by the supplicant, to determine if the authenticator should grant access to its services.
The AlliedWare Plus implementation of 802.1X supports the use of a RADIUS
authentication server using Extensible Authentication Protocol (EAP) in conjunction
with RADIUS.
Switch
RADIUS
Server
Supplicants
Authenticator
Authentication Server