IEEE 802.1X is a standard that allows or denies users entry to a network. All common operating systems use this authentication method.
IEEE 802.1X, what is it?
IEEE 802.1X is a standard that controls access to a local network or Wi-Fi. This stand-alone standard intervenes at the second layer of the OSI model, the security layer which acts on the data link. Its main task is to identify unauthorized users even before they access a network and thus prevent unwanted access. After a thorough check, even previously unknown users can gain local access to the network using the IEEE 802.1X method.
IEEE 802.1X was introduced in 2001 by the Institute of Electrical and Electronics Engineers (IEEE) and was initially intended only for local area networks. The standard has since also been used for Wi-Fi networks. Authentication and authorization are carried out at the hardware port of the network, and different protocols are used for this. The standard is sometimes also called the IEEE Standard for Local and metropolitan area networks–Port-Based Network Access Control. In addition to this access control capability, IEEE 802.1X can be used to determine bandwidths and regulate network usage.
The Institute of Electrical and Electronics Engineers has established many other networking standards that make our everyday digital communication possible. Check out our Digital Guide articles to learn more about this:
What are the prerequisites for IEEE 802.1X?
The authentication procedure with IEEE 802.1X requires three elements: a supplicant, an authenticator or processor, and an authentication server (AS).
The applicants
Requesters, also called “supplicant” in English, refer to all devices that request to be authenticated according to IEEE 802.1X. to access the network. These include, for example, computers, printers, scanners or other devices.
The identifier
It is responsible for verifying applicants to grant or deny them access to the network according to the IEEE 802.1X procedure. If these are in order, it grants access; if they do not match network rules, access is denied. The ID server is an IEEE 802.1X compliant Wi-Fi access point, router, or switch.
The identification server
The authentication server is a Wi-Fi access point, RADIUS server, or LDAP gateway. It is installed in a protected network and allows the identifier to work by comparing requesters’ requests with already registered or predefined permissions.
How does IEEE 802.1X work?
To better understand the basic operation of IEEE 802.1X., we can compare it to ordinary access control. For example, a guest wants to enter a party. At the door, he gives his invitation card. The card is then scanned, then confirmed: the guest is on the list and can therefore enter. On the other hand, if the guest does not have a card or if it is false, he or she will have to stay outside.
With IEEE 802.1X, the supplicant is the guest that transmits its connection data to the authenticator via the EAP protocol (Extensible Authentication Protocol). This sends the verifications to the identification server, which compares them to the predefined authorizations. Permissions can be found in a simple text file or in a database. The server checks the identification data and returns the result to the identifier. If the data is correct, it authorizes the requester to access the network, and, in some cases, additionally allocates bandwidth for network use. If the requester does not appear in the predefined authorizations, the identifier refuses him access.
What are the benefits of IEEE 802.1X?
There are many advantages to using the IEEE 802.1X standard. The first and biggest is certainly the fact that this method has been adopted as a standard and is therefore widely used. IEEE 802.1X is supported by all popular operating systems. This authentication method is easy to set up and offers effective protection against unwanted access. In addition, the standard is versatile: it now works not only for local networks, but also in interaction with virtual local networks and Wi-Fi. In principle, it is possible to define specific connection conditions for each requester. Added to this are additional functions such as management options or the provision and allocation of usage bandwidths.
MAC address as an alternative to IEEE 802.1X?
IEEE 802.1X is supported by almost all operating systems such as Windows, macOS and Linux as well as many types of computer networks. However, there are some devices that do not use the standard such as certain printers or cameras. In this case, you must use the host’s MAC address for authentication and create a username and password from this address. However, this method is not secure compared to IEEE 802.1X and can be misused by unauthorized requesters.
