252
Configuring 802.1X
802.1X overview
802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN
committee for the security of WLANs. It has been widely used on Ethernet for access control.
802.1X controls network access by authenticating the devices connected to 802.1X-enabled LAN
ports.
This chapter describes how to configure 802.1X on an HPE device. You can also configure the port
security feature to perform 802.1X. Port security combines and extends 802.1X and MAC
authentication. It applies to a network (for example, a WLAN) that requires different authentication
methods for different users on a port. For more information, see "
802.1X architecture
802.1X operates in the client/server model. It comprises three entities: the client (the supplicant), the
network access device (the authenticator), and the authentication server.
Figure 263 802.1X architecture
•
Client
—A user terminal seeking access to the LAN. It must have 802.1X software to
authenticate to the network access device.
•
Network access device
—Authenticates the client to control access to the LAN. In a typical
802.1X environment, the network access device uses an authentication server to perform
authentication.
•
Authentication
server
—Provides authentication services for the network access device. The
authentication server authenticates 802.1X clients by using the data sent from the network
access device, and returns the authentication results to the network access device to make
access decisions. The authentication server is typically a RADIUS server. In a small LAN, you
can also use the network access device as the authentication server.
Access control methods
HPE devices implement port-based access control as defined in the 802.1X protocol, and extend the
protocol to support MAC-based access control.
•
Port-based access control
—Once an 802.1X user passes authentication on a port, any
subsequent user can access the network through the port without authentication. When the
authenticated user logs off, all other users are logged off.
•
MAC-based
access
control
—Each user is separately authenticated on a port. When a user
logs off, no other online users are affected.
Summary of Contents for FlexNetwork NJ5000
Page 12: ...x Index 440 ...
Page 39: ...27 Figure 16 Configuration complete ...
Page 67: ...55 Figure 47 Displaying the speed settings of ports ...
Page 78: ...66 Figure 59 Loopback test result ...
Page 158: ...146 Figure 156 Creating a static MAC address entry ...
Page 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Page 243: ...231 Figure 237 IPv6 active route table ...