1x configuration, 1x overview, 1x architecture – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 314: Access control methods
301
802.1X configuration
802.1X overview
802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN
committee for securing wireless LANs (WLANs), and it has also been widely used on Ethernet networks
for access control.
802.1X controls network access by authenticating the devices connected to 802.1X-enabled LAN ports.
This chapter describes how to configure 802.1X on an H3C device. You can also configure the port
security feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication.
It applies to a network, a WLAN, for example, that requires different authentication methods for different
users on a port. Port security is beyond the scope of this chapter. It is described in the Security
Configuration Guide for the product.
802.1X architecture
802.1X operates in the client/server model. It comprises three entities: the client (the supplicant), the
network access device (the authenticator), and the authentication server.
Figure 281 802.1X architecture
•
The client is a user terminal seeking access to the LAN. It must have 802.1X software to authenticate
to the network access device.
•
The network access device authenticates the client to control access to the LAN. In a typical 802.1X
environment, the network access device uses an authentication server to perform authentication.
•
The authentication server is the entity that provides authentication services for the network access
device. It authenticates 802.1X clients by using the data sent from the network access device, and
returns the authentication results for the network access device to make access decisions. The
authentication server is typically a Remote Authentication Dial-in User Service (RADIUS) server. In a
small LAN, you can also use the network access device as the authentication server.
Access control methods
H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol
to support MAC-based access control.