Ordinarily, when you connect a computer to a network (via Ethernet, Wi-Fi, or some other means), that computer automatically has network access. The user may need to provide credentials to log in to specific servers or resources, but access to the local network itself (and, usually, to the Internet) is open. A networking protocol known as 802.1X aims to increase network security by requiring each device to authenticate (typically, with a username and password, although other means of authentication, such as smart cards and biometrics, are also supported) before any network access is granted — other than to the authentication mechanism itself.
A typical implementation of 802.1X involves a central authentication server — usually a RADIUS server — that maintains a database of each user's credentials. A device that wants to connect to the network is called a supplicant; it sends a request for authentication to a device called an authenticator, which functions as a network switch. As long as the switch is off, supplicants can communicate only with the authenticator. But once the authenticator has validated the user's credentials against the information on the authentication server, it flips the switch, and the supplicant's traffic travels freely through the authenticator to the rest of the network.
For more on configuring Mac OS X Server's RADIUS server, see Chapter 31.
802.1X is used more frequently for wireless networks than for wired networks because its ...