Cisco® CCNP Switch Exam Cram Notes : IEEE 802.1x

4. Appendix

4.5 IEEE 802.1x

802.1x authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WAN. The authenticator is a network device, such as an Ethernet switch or wireless access point. The authentication server is typically a host running software supporting the RADIUS and EAP protocols.

Before authentication takes place, the only traffic allowed is EAP-over-LAN(EAPOL), CDP, and STP packets (BDPUs). After the client device has been authenticated, the port is opened, and access to other LAN resources are granted

The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN switch or an Access Point through publicly accessible switch ports.

802.1X consists of three components for port control, which are as follows:

An 802.1X authenticator: This is the port on the switch that has services to offer to an end device, provided the device supplies the proper credentials.

An 802.1X supplicant: This is the end device; for example, a PC that connects to a switch that is requesting to use the services (port) of the device. The 802.1X supplicant must be able to respond to communicate.

An 802.1X authentication server: This is a RADIUS server that examines the credentials provided to the authenticator from the supplicant and provides the authentication service. The authentication server is responsible for letting the authenticator know if services should be granted.

The authentication server (RADIUS) authenticates each workstation (supplicant) that is connected to a switch port before making available any services requested by the user. If the authentication succeeds, normal traffic can pass through the port. The RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server for use with 802.1x port based security protocol.

IEEE 802.3af Power Classes

Power Class Maximum Power Offered at 48V DC Notes
0 15.4 W Default class
1 4.0 W Optional class
7.0 W Optional class
3 5.4 W Optional class
Up to 50 W Optional class (802.3at)

Previous   Contents   


CCNP Switch Cram Notes Contents certexams.com ad