Configuring 802.1x, Overview, 1x architecture – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 539: Access control methods
518
Configuring 802.1X
802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN
committee for the security of wireless LANs (WLANs). It has been widely used on Ethernet networks for
access control.
802.1X controls network access by authenticating the devices connected to 802.1X-enabled LAN ports.
You can also configure the port security feature to perform 802.1X. Port security combines and extends
802.1X and MAC authentication. It applies to a network, a WLAN, for example, that requires different
authentication methods for different users on a port. For more information about port security, see H3C
Access Controllers Security Configuration Guide.
Overview
802.1X architecture
802.1X operates in the client/server model. It has three entities: the client (supplicant), the network
access device (authenticator), and the authentication server, as shown in
.
Figure 552 802.1X architecture
•
Client—A user terminal seeking access to the LAN. It must have 802.1X software to authenticate to
the network access device.
•
Network access device—Authenticates the client to control access to the LAN. In a typical 802.1X
environment, the network access device uses an authentication server to perform authentication.
•
Authentication server—Provides authentication services for the network access device. The
authentication server authenticates 802.1X clients by using the data sent from the network access
device, and returns the authentication results for the network access device to make access
decisions. The authentication server typically is a RADIUS server. In a small LAN, you can also use
the network access device as the authentication server.
For more information about the 802.1X protocol, see H3C Access Controllers Security Configuration
Guide.
Access control methods
H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol
to support MAC-based access control.
Authentication server
Client
Device
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module