IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines port-based NAC. In English, this means the protocol authenticates users on a per-switch-port (or per Wireless Access Point [WAP] association) basis: a port that has not yet seen a successful authentication passes only the EAP over LAN (EAPOL) frames needed to authenticate, so valid users are granted access while a failed or absent authentication leaves the port effectively disabled for normal traffic. The 802.1X standard relies on EAP for its heavy lifting; EAP is currently defined in RFC 3748. 802.1X is most often associated with WAPs, for the obvious reason that a wireless infrastructure, by its very nature, opens itself up to any and all takers and therefore needs to authenticate users before letting them in. That being said, there is no reason that what is good for a wireless network cannot also benefit a wired infrastructure. For example, you may have wall jacks in an unsecured area such as a public meeting room that is shared by internal users and external guests, and you would like to offer intranet and Internet access to the former, but only Internet access to the latter.

802.1X does not replace other security technologies. It authenticates who may use a port; it does not, by itself, police what an authenticated host then sends. 802.1X therefore works alongside port security features such as DHCP snooping, Dynamic ARP Inspection (DAI), and MAC limiting to guard against DoS attacks and spoofing.
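The following configuration is an added illustration, not part of the book's lab or of the chapter text, showing how the two preceding points look on an EX-series switch: the shared meeting-room jack described above, where authenticated internal users land in the intranet VLAN while guests get an Internet-only VLAN, combined with the port security features that 802.1X complements. All names and addresses are assumptions for the example: ge-0/0/1 is the meeting-room jack, 10.0.0.10 is the RADIUS server, VLAN internal (ID 100) reaches the intranet, and VLAN guest (ID 200) is routed to the Internet only. The syntax is the pre-ELS EX-series style used by this book; the server-reject-vlan knob requires a Junos release that supports it.

```junos
## Added example (not from the book). Assumed: ge-0/0/1 is a meeting-room jack,
## 10.0.0.10 is the RADIUS server, "internal" reaches the intranet and "guest"
## is routed to the Internet only. Replace the shared secret before committing.

## VLANs the port can place a host into
set vlans internal vlan-id 100
set vlans guest vlan-id 200

## The jack is an access port; an authenticated host ends up in "internal"
## (the RADIUS server may override this with a VLAN attribute if desired)
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members internal

## RADIUS server and the access profile the authenticator hands EAP to
set access radius-server 10.0.0.10 secret "<shared-secret>"
set access profile dot1x-radius authentication-order radius
set access profile dot1x-radius radius authentication-server 10.0.0.10

## 802.1X authenticator on the port. "multiple" authenticates every MAC
## on the port separately, so a guest behind the same hub or phone as an
## employee does not ride on the employee's result.
set protocols dot1x authenticator authentication-profile-name dot1x-radius
set protocols dot1x authenticator interface ge-0/0/1.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/1.0 retries 3
set protocols dot1x authenticator interface ge-0/0/1.0 quiet-period 60
## A host with no supplicant (never answers EAP-Request/Identity) goes to "guest" ...
set protocols dot1x authenticator interface ge-0/0/1.0 guest-vlan guest
## ... as does a supplicant the RADIUS server rejects. Without these two
## lines such hosts would simply stay blocked on the port.
set protocols dot1x authenticator interface ge-0/0/1.0 server-reject-vlan guest

## Port security that 802.1X does not replace: DHCP snooping and DAI on the
## VLANs, and a MAC limit on the shared jack to blunt MAC flooding/spoofing.
set ethernet-switching-options secure-access-port vlan all examine-dhcp
set ethernet-switching-options secure-access-port vlan all arp-inspection
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 mac-limit 2 action drop
```

After committing, `show dot1x interface ge-0/0/1.0 detail` reports each supplicant's MAC, its state (Authenticated, Held, or guest/reject VLAN placement) and the VLAN it was assigned, which is the quickest way to confirm that an internal user and a guest on the same jack ended up in different VLANs. Note that DAI relies on the DHCP snooping binding table, so examine-dhcp must be enabled on the same VLANs for arp-inspection to have anything to check against.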

Terminology and Basic Operation

Before diving into the 802.1X configuration and verification lab, let’s review some basic terminology and operational concepts. Figure 9-3 illustrates basic 802.1X concepts and EAP operation.

Figure 9-3. IEEE 802.1X basics

An 802.1X authentication system contains three basic components:

Supplicant ...
