The IEEE 802.1X standard is a port-based security method for standardized authentication and authorization in networks. The IEEE 802.1X standard was adopted by the IEEE in June 2001.
In a system of port-based access control, unauthorized clients, whether in wireless LAN networks (WLAN) or wired networks (Ethernet), must first authenticate themselves before they are permitted to connect and communicate with other network components.
Simple monitoring by IEEE 802.1X of every attempt to access the network
Networks that work with the IEEE 802.1X standard regulate access to particular resources in accordance with a user identification and particular approvals such as a company's security guidelines (policy). Building upon the EAP (extensible authentication protocol), which provides a general framework for a variety of registration methods and is independent of proprietary log-on protocols, IEEE 802.1X can be used in both wired and wireless networks.
As the most important security element in the network, the IEEE 802.1X standard takes effect as early as the network port stage – protecting the network at the front door, so to speak. Access to the network ensues after the user's identity has been checked (authentication), thus triggering the allocation of access rights to users (authorization) and the facilitation of data generation for the invoicing of network access (accounting). For that reason, these three functions are usually described as a triple-A system. The IEEE 802.1X standard additionally makes it possible for any user to be allocated an individual bandwidth (QoS) and supports the single sign-on procedure in connection with a RADIUS server. This means that users need undergo only a single check before accessing the network and using different applications and systems.
Supplicant is the name given to a software component in the operating systems of IEEE 802.1X-enabled devices. The supplicant must authenticate itself in accordance with the network policy.
The authentication server (usually a RADIUS server) provides the authenticator with the authentication service – in other words the execution of the access check. The user profiles deposited on the authentication server contain all the access rights, QoS and access data.
The authenticator is located between the supplicant and the network being protected and checks the authenticity of the supplicant. The authenticator can be an IEEE 802.1X-enabled switch or router or a WLAN access point.
Mode of operation
An IEEE 802.1X-enabled device would like to access a network and is requested by the authenticator to authenticate itself. The authenticator sends an enquiry to an authentication server regarding the device's credentials and then compares them with those of the supplicant. If the supplicant's credentials are valid, the supplicant is allowed access to the network. If the supplicant's credentials do not comply with the user profile deposited on the authentication server, the connection with the user is broken off and access denied or restricted.
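The three roles and the accept, deny or restrict outcome described above, as a small runnable model. This is an added example, not code from the original page or from AUCONET. A constructed HMAC challenge-response stands in for a real EAP method, and the user name, secret, VLAN numbers, bandwidth figures and the restricted-access policy are sample values chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: user profiles deposited on the authentication server.
PROFILES = {"alice": {"secret": b"s3cret-demo", "vlan": 20, "qos_kbps": 50000}}
CLOSED = {"authorized": False, "vlan": None, "qos_kbps": 0}
RESTRICTED = {"authorized": True, "vlan": 999, "qos_kbps": 1000}  # hypothetical guest policy


def answer(secret, challenge):
    """Supplicant: prove knowledge of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Executes the access check and hands back the profile's rights."""
    def __init__(self):
        self.pending = {}  # identity -> outstanding single-use challenge

    def challenge(self, identity):
        self.pending[identity] = os.urandom(16)
        return self.pending[identity]

    def check(self, identity, response):
        challenge = self.pending.pop(identity, None)  # single use: blocks replay
        profile = PROFILES.get(identity)
        expected = answer(profile["secret"], challenge) if challenge and profile else None
        if expected is None or not hmac.compare_digest(expected, response):
            return None
        return {"authorized": True, "vlan": profile["vlan"], "qos_kbps": profile["qos_kbps"]}


class Authenticator:
    """Switch or access point: relays the exchange and enforces the result per port."""
    def __init__(self, server, restrict_on_failure=False):
        self.server, self.restrict = server, restrict_on_failure
        self.ports = {}  # port id -> current state

    def start(self, port, identity):
        self.ports[port] = dict(CLOSED)  # no traffic until the server accepts
        return self.server.challenge(identity)

    def finish(self, port, identity, response):
        rights = self.server.check(identity, response)
        fallback = RESTRICTED if self.restrict else CLOSED
        self.ports[port] = dict(rights or fallback)
        return self.ports[port]
```

A port opened by `finish` carries the VLAN and bandwidth from the user's profile, while a failed or replayed response leaves the port closed or, with `restrict_on_failure=True`, on the restricted policy.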
Authentication in accordance with the IEEE 802.1X standard is indispensable for the safeguarding of your networks and corporate data – above all in the interests of a long-term strategy for securing local network access. Authentication solely by way of the clients' MAC addresses no longer serves as an alternative to that.
All of AUCONET's solutions give full support to the IEEE 802.1X standard.