Configuring 802.1X; Overview; 802.1X Architecture; Access Control Methods - HP 1910 User Manual

Configuring 802.1X

Overview

802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN
committee for the security of wireless LANs (WLANs). It has been widely used on Ethernet for access
control.
802.1X controls network access by authenticating devices connected to the 802.1X-enabled LAN ports.

802.1X architecture

802.1X operates in the client/server model. It comprises three entities: the client (the supplicant), the
network access device (the authenticator), and the authentication server.
Figure 314 Architecture of 802.1X
• The client is a user terminal seeking access to the LAN. It must have 802.1X software to authenticate
to the network access device.
The network access device authenticates the client to control access to the LAN. In a typical 802.1X
•
environment, the network access device uses an authentication server to perform authentication.
The authentication server is the entity that provides authentication services for the network access
•
device. It authenticates 802.1X clients by using the data sent from the network access device, and
returns the authentication results for the network access device to make access decisions. The
authentication server is typically a Remote Authentication Dial-in User Service (RADIUS) server. In a
small LAN, you can also use the network access device as the authentication server.

Access control methods

HP implements port-based access control as defined in the 802.1X protocol, and extends the protocol to
support MAC-based access control.
Port-based access control—once an 802.1X user passes authentication on a port, any subsequent
•
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
•
no other online users are affected.
302