Chapter 11: 802.1X Quarantine Method; About 802.1X - Extreme Networks Sentriant AG Software User's Manual

Version 5.2
11 802.1X Quarantine Method

About 802.1X

802.1X is a port-based authentication protocol that can dynamically vary encryption keys. It has three
components:
Supplicant—The client; the endpoint that wants to access the network.
Authenticator—The access point, such as a switch, that prevents access when authentication fails.
The authenticator can be a simple device, because it only relays the exchange.
Authentication server—The server that authenticates the user credentials; usually a Remote
Authentication Dial-In User Service (RADIUS) server.
802.1X is an authentication framework that sends Extensible Authentication Protocol (EAP) messages
packaged in Ethernet frames over LANs (EAPOL). This saves overhead, because it does not require all of
the resources that the Point-to-Point Protocol (PPP) normally requires.
EAP supports multiple authentication methods such as:
Kerberos—An authentication system that uses an encrypted ticket to authenticate users.
One-time passwords—An authentication system that uses a set of rotating passwords, each of which
is used for only one login session.
Certificates—A method for identifying a user that links a public key to the user's or company's
identity, allowing them to send digitally signed electronic messages.
Tokens—A credit-card or key-fob sized authentication endpoint that displays a number that is
synchronized with the authentication server. The number changes over time, and the user is required
to enter the current number as part of the authentication process.
Public key authentication—In an asymmetric encryption system, two keys are required: a public
key and a private key. Either key can encrypt a message, but a message encrypted with one key can
only be decrypted with the other; that is, if the public key encrypts a message, the private key must
decrypt it.
The typical 802.1X connections are shown in Figure 138 on page 254; the typical communication flow is
as follows:
1 A client (supplicant) requests access from the access point (AP) (authenticator).
2 The AP (authenticator) opens a port for EAP messages, and blocks all others.
3 The AP (authenticator) requests the client's (supplicant's) identity.
4 The client (supplicant) sends its identity.
5 The AP (authenticator) passes the identity on to the authentication server.
6 The authentication server performs the authentication and returns an accept or reject message to the
AP (authenticator).
Sentriant AG Software Users Guide, Version 5.2
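As an added illustration (not code from the Sentriant AG manual), the following Python decodes the EAPOL and EAP headers that carry these messages and models the authenticator's controlled port from step 2: only well-formed EAPOL frames pass until the authentication server's accept, relayed to the supplicant as EAP-Success, authorizes the port, and a malformed EAPOL frame is dropped regardless of port state. The frame builders, MAC addresses, EAP identifiers and the identity string are constructed for this example.

```python
import struct
ETHERTYPE_EAPOL, EAPOL_EAP_PACKET, EAPOL_START = 0x888E, 0, 1   # IEEE 802.1X ethertype and EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # RFC 3748 EAP codes
EAP_TYPE_IDENTITY = 1

def parse_eapol(frame: bytes) -> "dict | None":
    """Decode Ethernet + EAPOL header: None if not EAPOL, ValueError if malformed EAPOL."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        return None
    if len(frame) < 18 or len(frame) < 18 + struct.unpack("!H", frame[16:18])[0]:
        raise ValueError("truncated EAPOL frame")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    pkt, body = {"version": version, "type": ptype}, frame[18:18 + length]
    if ptype == EAPOL_EAP_PACKET:   # body is an EAP packet: Code, Identifier, Length, then Type + Type-Data
        code, ident, eap_len = struct.unpack("!BBH", body[:4]) if length >= 4 else (0, 0, 0)
        if not 4 <= eap_len <= length:
            raise ValueError("bad EAP length")
        pkt.update(code=code, id=ident, payload=body[4:eap_len])
    return pkt

def authenticator_port(frames: "list[bytes]") -> "tuple[str, list[str]]":
    """Controlled-port model: until authorized only EAPOL passes (step 2); EAP Success authorizes it."""
    state, log = "unauthorized", []
    for f in frames:
        try:
            pkt = parse_eapol(f)
        except ValueError:          # malformed EAPOL is never relayed
            log.append("dropped")
            continue
        if pkt is None:             # ordinary traffic passes only once the port is authorized
            log.append("forwarded" if state == "authorized" else "dropped")
            continue
        if pkt["type"] == EAPOL_EAP_PACKET and pkt["code"] in (EAP_SUCCESS, EAP_FAILURE):
            state = "authorized" if pkt["code"] == EAP_SUCCESS else "unauthorized"
        log.append("eapol")
    return state, log

def build_eapol(ptype: int, body: bytes = b"") -> bytes:   # constructed: PAE group dst MAC, made-up src MAC
    return bytes.fromhex("0180c2000003020000000001") + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, ptype, len(body)) + body

def build_eap(code: int, ident: int, eap_type: "int | None" = None, data: bytes = b"") -> bytes:
    type_field = b"" if eap_type is None else bytes([eap_type])   # Success/Failure carry no Type field
    return struct.pack("!BBH", code, ident, 4 + len(type_field) + len(data)) + type_field + data

# Constructed exchange following steps 1-6, with one data frame before and one after authentication
DATA_FRAME = bytes.fromhex("020000000002020000000001" "0800") + b"\x00" * 46
SAMPLE_FRAMES = [DATA_FRAME, build_eapol(EAPOL_START),
    build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)),
    build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, b"alice@example.test")),
    build_eapol(EAPOL_EAP_PACKET, build_eap(EAP_SUCCESS, 2)), DATA_FRAME]
```

Running `authenticator_port(SAMPLE_FRAMES)` shows the first data frame dropped and the last one forwarded, with the EAPOL exchange relayed in between.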
