beautypg.com

1 802.1x configuration, Introduction to 802.1x, Architecture of 802.1x authentication – H3C Technologies H3C S3100 Series Switches User Manual

Page 366: 1x configuration

background image

1-1

1

802.1x Configuration

Introduction to 802.1x

The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address

security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism

for LAN ports to address mainly authentication and security problems.

802.1x is a port-based network access control protocol. It authenticates and controls devices

requesting for access in terms of the ports of LAN access devices. With the 802.1x protocol employed,

a user-side device can access the LAN only when it passes the authentication. Those fail to pass the

authentication are denied when accessing the LAN.

Architecture of 802.1x Authentication

As shown in

Figure 1-1

, 802.1x adopts a client/server architecture with three entities: a supplicant

system, an authenticator system, and an authentication server system.

Figure 1-1 Architecture of 802.1x authentication

z

The supplicant system is an entity residing at one end of a LAN segment and is authenticated by

the authenticator system at the other end of the LAN segment. The supplicant system is usually a

user terminal device. An 802.1x authentication is triggered when a user launches client program on

the supplicant system. Note that the client program must support the extensible authentication

protocol over LAN (EAPoL).

z

The authenticator system is another entity residing at one end of a LAN segment. It authenticates

the connected supplicant systems. The authenticator system is usually an 802.1x-supported

network device (such as an H3C series switch). It provides the port (physical or logical) for the

supplicant system to access the LAN.

z

The authentication server system is an entity that provides authentication service to the

authenticator system. Normally in the form of a RADIUS server, the authentication server system

serves to perform AAA (authentication, authorization, and accounting) services to users. It also

See also other documents in the category H3C Technologies Routers: