Definition

802.1X

Contributor(s): Andrew Livesley

The 802.1X standard is designed to enhance the security of wireless local area networks (WLANs) that follow the IEEE 802.11 standard. 802.1X provides an authentication framework for wireless LANs, allowing a user to be authenticated by a central authority. The actual algorithm that is used to determine whether a user is authentic is left open and multiple algorithms are possible.

802.1X uses an existing protocol, the Extensible Authentication Protocol (EAP, RFC 2284), that works on Ethernet, Token Ring, or wireless LANs, for message exchange during the authentication process.

In a wireless LAN with 802.1X, a user (known as the supplicant) requests access to an access point (known as the authenticator). The access point forces the user (actually, the user's client software) into an unauthorized state that allows the client to send only an EAP start message. The access point returns an EAP message requesting the user's identity. The client returns the identity, which is then forwarded by the access point to the authentication server, which uses an algorithm to authenticate the user and then returns an accept or reject message back to the access point. Assuming an accept was received, the access point changes the client's state to authorized and normal traffic can now take place.

The authentication server may use the Remote Authentication Dial-In User Service (RADIUS), although 802.1X does not specify it.

This was last updated in September 2005

Continue Reading About 802.1X

Dig Deeper on Mobile data, back-end services and infrastructure

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

In a wireless environment usually a username and password is asked for instead of asking for the mac-address. How does the dot 1 x scenario work in this case??
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close