6.1. 802.1x mechanism

The 802.1x access control mechanism is deployed in the Local Area Network (LAN) implementing the following technologies:

• – Ethernet technology in the case of access to a switch;
• – Wireless Fidelity (Wi-Fi) in the case of a connection to an access point (AP).

The authentication uses the 802.1x access control mechanism that defines the following three components (Figure 6.1):

• – the supplicant is the device (network host) wishing to access the Ethernet or Wi-Fi network;
• – the authenticator is the device (Ethernet switch or Wi-Fi access point) that controls the supplicant’s access to the LAN;
• – the authentication server is the device that authenticates the supplicant and authorizes access to the LAN.

The 802.1x mechanism relies on the following set of protocols (Figure 6.2):

• – the extensible authentication protocol (EAP) over LAN (EAPOL), exchanged between the supplicant and the authenticator;
• – the EAP exchanged between the supplicant, on the one hand, and the authenticator or authentication server, on the other hand:
  • - the EAP is carried by the EAPOL protocol on the interface between the supplicant and the authenticator;
  • - the EAP carries EAP-Method messages exchanged between the supplicant and the authentication server;
• – the remote authentication dial-in user service (RADIUS) protocol, ...