beautypg.com

Configuring 802.1x, Overview, 1x architecture – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 539: Access control methods

background image

518

Configuring 802.1X

802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN

committee for the security of wireless LANs (WLANs). It has been widely used on Ethernet networks for

access control.
802.1X controls network access by authenticating the devices connected to 802.1X-enabled LAN ports.
You can also configure the port security feature to perform 802.1X. Port security combines and extends

802.1X and MAC authentication. It applies to a network, a WLAN, for example, that requires different

authentication methods for different users on a port. For more information about port security, see H3C

Access Controllers Security Configuration Guide.

Overview

802.1X architecture

802.1X operates in the client/server model. It has three entities: the client (supplicant), the network

access device (authenticator), and the authentication server, as shown in

Figure 273

.

Figure 552 802.1X architecture

Client—A user terminal seeking access to the LAN. It must have 802.1X software to authenticate to
the network access device.

Network access device—Authenticates the client to control access to the LAN. In a typical 802.1X
environment, the network access device uses an authentication server to perform authentication.

Authentication server—Provides authentication services for the network access device. The
authentication server authenticates 802.1X clients by using the data sent from the network access

device, and returns the authentication results for the network access device to make access
decisions. The authentication server typically is a RADIUS server. In a small LAN, you can also use

the network access device as the authentication server.

For more information about the 802.1X protocol, see H3C Access Controllers Security Configuration

Guide.

Access control methods

H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol

to support MAC-based access control.

Authentication server

Client

Device