Identity Based Networking Services (IBNS)
802.1x

802.1x is a standardized framework defined by the IEEE, designed to provide port-based network access. 802.1x authenticates network clients using information unique to the client and with credentials known only to the client. This service is called port-level authentication because, for security reasons, it is offered to a single endpoint for a given physical port. The 802.1x framework defines three roles in the authentication process:

  • The endpoint that is seeking network access is known as the supplicant. The supplicant may be an end user device or a standalone device, such as an IP phone.
  • The device to which the supplicant directly connects and through which the supplicant obtains network access permission is known as the authenticator.
  • The authenticator acts as a gateway to the authentication server, which is responsible for actually authenticating the supplicant.

The authentication process, which consists of exchanges of Extensible Authentication Protocol (EAP) messages, occurs between the supplicant and the authentication server. The authenticator acts as a transparent relay for this exchange and as a point of enforcement for any policy configuration instructions the authentication server may send back as a result of the authentication process.

The IEEE 802.1x specification defines a new link layer protocol, 802.1x, which is used for communications between the supplicant and the authenticator. Communications between the supplicant and authentication server also leverage the RADIUS protocol carried over standard UDP.
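The relay step described above, as an added Python example that is not part of the original text: it unpacks the EAP packet from the supplicant's link-layer (EAPOL) frame and wraps it, unmodified, in a RADIUS Access-Request using the EAP-Message (79) and Message-Authenticator (80) attributes of RFC 3579. The function names, the sample frame and the shared secret are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAPOL_EAP_PACKET = 0                    # EAPOL packet type that carries an EAP packet
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80

def parse_eapol(frame: bytes) -> bytes:
    """Return the EAP packet inside an EAPOL frame (Ethernet header already removed)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet frame")
    if body_len < 4 or len(frame) < 4 + body_len:
        raise ValueError("EAPOL body length does not match frame")
    return frame[4:4 + body_len]

def parse_eap(eap: bytes) -> dict:
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length != len(eap):
        raise ValueError("EAP length field does not match packet")
    info = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (1, 2) and length >= 5:    # only Request/Response carry a type
        info["type"], info["data"] = eap[4], eap[5:]
    return info

def attr(atype: int, value: bytes) -> bytes:
    return struct.pack("!BB", atype, len(value) + 2) + value

def relay_to_radius(frame, secret, radius_id, authenticator=None) -> bytes:
    """Authenticator role: wrap the supplicant's EAP packet, unmodified, in an Access-Request."""
    eap = parse_eapol(frame)
    info = parse_eap(eap)
    attrs = b""
    if info["code"] == EAP_RESPONSE and info["type"] == EAP_TYPE_IDENTITY:
        attrs += attr(ATTR_USER_NAME, info["data"])
    for i in range(0, len(eap), 253):     # an attribute value holds at most 253 bytes
        attrs += attr(ATTR_EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed while the HMAC is computed
    req_auth = os.urandom(16) if authenticator is None else authenticator
    header = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, radius_id, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

# Constructed sample: EAPOL version 2 frame holding an EAP-Response/Identity for "alice"
SAMPLE_FRAME = bytes.fromhex("0200000a" "0201000a01") + b"alice"
```

The authentication server recomputes the Message-Authenticator HMAC with its copy of the shared secret, so a relayed EAP packet altered between authenticator and server is rejected.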

Some 802.1x benefits are shown in Figure .

IEEE 802.1x is a well-defined standard with industry-wide acceptance. Supplicant, authenticator, and authentication server implementations are available from many vendors, including Cisco.