Identity Based Networking Services (IBNS)
Wired and wireless implementations

The 802.1x port-based authentication is supported in two topologies:

  • Point-to-point
  • Wireless LAN

In a point-to-point configuration, only one client can be connected to the 802.1x-enabled switch port. The switch detects the client when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state.

Figure shows 802.1x-port based authentication in a wireless LAN. The 802.1x port is configured as a multiple-host port that becomes authorized as soon as one client is authenticated. When the port is authorized, all other hosts indirectly attached to the port are granted access to the network. If the port becomes unauthorized the switch denies access to the network to all of the attached clients. The port could become unauthorized if re-authentication fails or an EAPOL-logoff message is received. In this topology, the wireless access point is responsible for authenticating the clients attached to it, and the wireless access point acts as a client to the switch.