Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 18 views

    Chapter 16 - IEEE 8021X

    Uploaded by

    nsd8681
    IEEE 802.1X specifies a port-based network access control standard that allows network administrators to restrict access to network ports until a device is authenticated. It defines an architecture with three main entities - a supplicant, authenticator, and authentication server. The supplicant requests access and the authenticator acts to relay authentication between the supplicant and authentication server using the Extensible Authentication Protocol (EAP) over LANs. If authentication is successful, the device is authorized and allowed access to the LAN. IEEE 802.1X is commonly used to secure both wired and wireless networks by authenticating devices before allowing connection to a switch port or wireless access point.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd

    Chapter 16 - IEEE 8021X

    Uploaded by

    nsd8681
    18 views22 pages
    IEEE 802.1X specifies a port-based network access control standard that allows network administrators to restrict access to network ports until a device is authenticated. It defines an architecture with three main entities - a supplicant, authenticator, and authentication server. The supplicant requests access and the authenticator acts to relay authentication between the supplicant and authentication server using the Extensible Authentication Protocol (EAP) over LANs. If authentication is successful, the device is authorized and allowed access to the LAN. IEEE 802.1X is commonly used to secure both wired and wireless networks by authenticating devices before allowing connection to a switch port or wireless access point.

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    IEEE 802.1X specifies a port-based network access control standard that allows network administrators to restrict access to network ports until a device is authenticated. It defines an architecture with three main entities - a supplicant, authenticator, and authentication server. The supplicant requests access and the authenticator acts to relay authentication between the supplicant and authentication server using the Extensible Authentication Protocol (EAP) over LANs. If authentication is successful, the device is authorized and allowed access to the LAN. IEEE 802.1X is commonly used to secure both wired and wireless networks by authenticating devices before allowing connection to a switch port or wireless access point.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    18 views22 pages

    Chapter 16 - IEEE 8021X

    Uploaded by

    nsd8681
    IEEE 802.1X specifies a port-based network access control standard that allows network administrators to restrict access to network ports until a device is authenticated. It defines an architecture with three main entities - a supplicant, authenticator, and authentication server. The supplicant requests access and the authenticator acts to relay authentication between the supplicant and authentication server using the Extensible Authentication Protocol (EAP) over LANs. If authentication is successful, the device is authorized and allowed access to the LAN. IEEE 802.1X is commonly used to secure both wired and wireless networks by authenticating devices before allowing connection to a switch port or wireless access point.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Download as pptx, pdf, or txt
    of 22

    IEEE 802.

    1X

    PORT BASED NETWORK ACCESS


    CONTROL

    1
    DEFINITION

     “Port-based network access control allows a network


    administrator to restrict the use of IEEE 802 LAN service
    access points (ports) to secure communication between
    authenticated and authorized devices”.

     “IEEE std 802.1X specifies an architecture, functional


    elements, and protocols that support mutual authentication
    between the clients of ports attached to same LAN and
    secure communication between the ports”.
    2
    USING IEEE 802.1X
     Purpose:
    a) Port authentication
    b) Access control

     Used in both wired and wireless networks


     Primary goal: to allow for controlled access to the LAN environment
     Authentication of Layer 2 devices
     Before a device is allowed to connect to the physical or logical port
    of a switch or a wireless access point, it first needs to be authenticated
    and authorized.
     Example Uses: Ethernet, Token Ring, 802.11 WLAN

    3
    FUNCTION OF PBNAC

     Port-based network access control regulates access to the


    network, guarding against transmission and reception by
    unidentified or unauthorized parties, and consequent network
    disruption, theft of service, or data loss.

    4
    PBNAC

     It provides an authentication mechanism to devices wishing to


    attach to a LAN or WLAN.

     IEEE 802.1X defines the Encapsulation of the extensible


    authentication protocol (EAP) over IEEE 802 which is known
    as “EAP over LAN” or EAPOL

    5
    WHAT IS IEEE 802.1X ?
     IEEE 802.1x is the IEEE standard for Port based Network
    Access Control.
     It provides an authentication mechanism to devices
    attaching to LAN or WLAN infrastructure.
     IEEE 802.1x defines the encapsulation of the Extensible
    Authentication Protocol over Ethernet type networks.
     Works between the supplicant and the authenticator.
    6
    WHY IEEE 802.1X ?

     For the purpose of providing compatible authentication,


    authorization, and cryptographic key agreement mechanisms
    to support secure communication between devices connected
    by IEEE 802® Local Area Networks (LANs), this standard ,

     Specifies a general method for provision of port-based


    network access control.
    7
    IEEE 802.1X ENTITIES

    8
    802.1X authentication involves three entities;

     A Supplicant (Which is a Client)


     A Authenticator ( an access point)
     An Authentication Server

    9
    1. Supplicant:
    • requests to connect to a LAN

    2. Authenticator:
    • responsible for initiating the authentication process
    • Acting as a relay between the authentication server and
    the supplicant

    3. Authentication server:
    • responsible for doing the actual authentication &
    authorization

    10
    PAE (PORT ACCESS ENTITY)
     The Port Access Entity (PAE) operates the algorithms and protocols associated
    with the authentication mechanisms for a given Port of the System.

     In the Supplicant role, the PAE is responsible for responding to requests from an
    Authenticator for information that will establish its credentials. The PAE that
    performs the Supplicant role in an authentication exchange is known as the
    Supplicant PAE.

     In the Authenticator role, the PAE is responsible for communication with the
    Supplicant, and for submitting the information received from the Supplicant to a
    suitable Authentication Server in order for the credentials to be checked and for
    the consequent authorization state to be determined.

     The PAE that performs the Authenticator role in an authentication exchange is 11

    known as the Authenticator PAE.


    PORT-BASED NETWORK ACCESS
    ARCHITECTURE

    12
    TERMS IN ARCHITECTURE

     Supplicant : The user or client to be authenticated


     Radius Server: The server which does the
    authentication
     Authenticator: The device between the Supplicant
    and the radius server
     EAPOL: Extensible Authentication Protocol Over
    LANs
    13
    KEY ASPECTS:

     Supplicant = End Station Software


     Authenticator = Wired Switch or SSID
     Authentication Server = Ensures certificate or passwords
    are correct.

    14
    15
    16
    SEQUENCE DIAGRAM OF 802.1X PROGRESSION
    Explanation:
     The authenticator sends an EAP request packet to the
    supplicant.
     The supplicant sends an EAP packet to the authenticator.
     The authenticator sends a packet to radius server
     The radius server challenges the authenticator with a token or
    password.

    17
    CONTD..

     The authenticator changes it from the IP to EAPOL.


     The supplicant responds to the challenge and passes it to
    the authentication server.
     If there’s a successful challenge, then the authentication
    server responds with a success message allowing access to
    the LAN.

    18
    AUTHENTICATION USING EAP

     The Extensible Authentication Protocol can be used to


    mutually authenticate a Supplicant PAE and an Authenticator
    PAE, each associated with a Port attached to the same LAN.

     EAP is a general protocol that supports multiple


    authentication mechanisms including the use of Kerberos,
    Public Key Encryption, and One Time Passwords.

    19
    PORT BASED NETWORK ACCESS
    CONTROL APPLICATIONS
     Host access using individual, physically secure, point-to-point
    LANs
     Infrastructure support with physically secure, point-to-point
    LANs
     Host access using MAC and point-to-point or multi-access
    LANs
     Infrastructure LANs using MAC
     Group host access using MAC
    20
     Virtual shared media infrastructure LANs using MAC
    REFERENCES

     IEEE 802.1x Port-Based Network Access Control


    Overview
     https://en.wikipedia.org/wiki/IEEE_802.1X

    21
    THANK YOU !

    22

    You might also like