ELI5: What is 802.1X?
It’s like a hall pass system at school — before you can walk the hallways, you have to show your pass to the teacher at the door. 802.1X checks every device trying to connect to a network before letting it in.
Definition
802.1X is an IEEE standard for port-based Network Access Control (NAC) that prevents unauthorized devices from accessing a network at the data-link layer. It uses the Extensible Authentication Protocol (EAP) to authenticate devices before granting network access through a switch port or wireless access point. The three roles involved are the supplicant (client device), authenticator (switch or AP), and authentication server (typically RADIUS).
Key Details
- Three components: supplicant (device), authenticator (switch/AP), authentication server (RADIUS/LDAP)
- Used in both wired and wireless NAC implementations
- EAP variants include EAP-TLS (certificate-based, strongest), PEAP, and EAP-TTLS
- The authenticator blocks all traffic except EAP until authentication succeeds
- Commonly combined with VLAN assignment based on authentication result
Connections
- Parent: nac — 802.1X is the primary protocol used to implement NAC
- See also: remediation-network