Chapter 1 802.1x configuration, 1 introduction to 802.1x, 1 architecture of 802.1x authentication – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration

1.1 Introduction to 802.1x

The 802.1x protocol (802.1x for short) was developed by the IEEE 802 LAN/WAN
committee to address security issues of wireless LANs. It was then used in Ethernet as
a common access control mechanism for LAN ports, mainly to address authentication
and security problems.

802.1x is a port-based network access control protocol. It authenticates and controls
devices requesting access at the level of the ports of LAN access control devices. With
the 802.1x protocol employed, a user-side device can access the LAN only after it
passes authentication. Devices that fail authentication are denied access to the LAN,
as if they were disconnected from it.

1.1.1 Architecture of 802.1x Authentication

802.1x adopts a client/server architecture with three entities: a supplicant system, an
authenticator system, and an authentication server system, as shown in the following
figure.

[Figure 1-1: Architecture of 802.1x authentication. Labels: Supplicant system (Supplicant PAE); Authenticator system (Authenticator PAE, services provided by authenticator, controlled port, uncontrolled port, port not authorized); Authentication server system (Authentication server); LAN/WLAN.]

• The supplicant system is an entity residing at one end of a LAN segment and is
authenticated by the authenticator system connected to the other end of the LAN
segment. The supplicant system is usually a user terminal device. An 802.1x
authentication is triggered when a user launches the client program on the supplicant
system. Note that the client program must support EAPoL (Extensible
Authentication Protocol over LANs).
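
The following Python sketch is an added example, not part of the H3C manual or the switch's own code. It parses the EAPoL header (EtherType 0x888E) and models the controlled/uncontrolled port split from Figure 1-1; the AuthenticatorPort class, the eth() helper and the sample frames are hypothetical and constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType assigned to EAPoL (IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes):
    """Return a dict describing an EAPoL frame, or None if it is not valid EAPoL."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPoL header
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) < body_len:  # truncated: declared length exceeds the bytes present
        return None
    info = {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0 and body_len >= 4:  # EAP header: code, identifier, length
        code, ident, _ = struct.unpack("!BBH", body[:4])
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        info["eap_id"] = ident
    return info


class AuthenticatorPort:
    """Hypothetical model of one switch port: EAPoL always reaches the PAE,
    all other traffic is forwarded only after authentication succeeds."""

    def __init__(self):
        self.authorized = False  # set once the authentication server accepts (not modelled)

    def receive(self, frame: bytes) -> str:
        if parse_eapol(frame) is not None:
            return "to-pae"  # uncontrolled port: carries the authentication exchange
        return "forward" if self.authorized else "drop"  # controlled port


def eth(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed frame: PAE group address as destination, made-up source."""
    return bytes.fromhex("0180c2000003" "020000000001") + struct.pack("!H", ethertype) + payload


# Constructed sample frames (not captured traffic).
EAPOL_START = eth(0x888E, bytes([1, 1, 0, 0]))
EAP_RESPONSE = eth(0x888E, bytes([1, 0, 0, 5, 2, 7, 0, 5, 1]))
IPV4_FRAME = eth(0x0800, b"\x45" + b"\x00" * 19)
```

A frame that claims the EAPoL EtherType but declares a body longer than the bytes present is rejected by parse_eapol, so the model handles it like any other non-EAPoL traffic on the controlled port.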