3Com 2928 User Guide

1 802.1X
Overview 
The 802.1X protocol was proposed by the IEEE 802 LAN/WAN committee for security of wireless LANs 
(WLAN). It has been widely used on Ethernet as a common port access control mechanism.
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the 
port level. A device connected to an 802.1X-enabled port of an access control device can access the 
resources on the LAN only after passing authentication. 
Architecture of 802.1X 
802.1X operates in the typical client/server model and defines three entities: Client, Device, and Server, 
as shown in Figure 1-1.

Figure 1-1 Architecture of 802.1X

- Client is an entity seeking access to the LAN. It resides at one end of a LAN segment and is
  authenticated by Device at the other end of the LAN segment. Client is usually a user-end device
  such as a PC. 802.1X authentication is triggered when an 802.1X-capable client program is
  launched on Client. The client program must support Extensible Authentication Protocol over LAN
  (EAPOL).
- Device, residing at the other end of the LAN segment, authenticates connected clients. Device is
  usually an 802.1X-enabled network device and provides access ports (physical or logical) for
  clients to access the LAN.
- Server is the entity that provides authentication services to Device. Server, normally running
  RADIUS (Remote Authentication Dial-in User Service), serves to perform authentication,
  authorization, and accounting services for users.
Authentication Modes of 802.1X 
The 802.1X authentication system employs the Extensible Authentication Protocol (EAP) to exchange 
authentication information between the client, device, and authentication server. 
- Between the client and the device, EAP protocol packets are encapsulated using EAPOL to be
  transferred on the LAN.