Home

8021X

IEEE 802.1X is a standard from the IEEE 802.1 Working Group that provides port-based Network Access Control for wired and wireless local area networks. It defines an authentication framework that operates at the data link layer and uses a three-party model: the supplicant (the endpoint seeking access), the authenticator (a network device such as a switch or wireless access point that enforces access control), and the authentication server (typically a RADIUS server that validates credentials).

Communication between supplicant and authenticator uses EAP over LAN (EAPOL). The authenticator forwards authentication messages to

802.1X is widely used in enterprise networks for both wired and wireless connections. It requires compatible

Management and deployment considerations: a centralized RADIUS server is typical, with supplicants and authenticators configured for

the
authentication
server,
usually
via
RADIUS.
If
authentication
succeeds,
the
authenticator
permits
the
endpoint
to
access
the
network,
and
may
apply
authorizations
such
as
VLAN
assignment
or
access
control
lists.
If
authentication
fails,
access
can
be
denied
or
limited.
hardware
and
software
on
all
sides
and
is
often
combined
with
dynamic
VLAN
assignment.
Many
networks
implement
MAC
Authentication
Bypass
(MAB)
as
a
fallback
for
devices
that
do
not
support
802.1X.
The
most
common
authentication
methods
are
various
EAP
types,
such
as
EAP-TLS
and
EAP-PEAP,
which
can
rely
on
certificates,
passwords,
or
smart
cards.
the
appropriate
policy.
While
802.1X
strengthens
access
control,
it
is
commonly
used
with
additional
security
measures
such
as
encryption,
posture
assessment,
and
network
segmentation;
it
does
not
by
itself
verify
all
endpoint
security.