|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| '''802.1X,''' Port-Based Network Control, is an IEEE standard. The standard allows LAN devices (wired network cabling!<ref>The standard refers to 802 LANs as a whole, including shared media such as 802.11 WLANs. However, only 802.3 LANs are targeted by the functionality discussed in this article.</ref>) to perform an authentication handshake within the 802.3 link layer (Ethernet). | | ;'''EAP-MD5''': |
| The authentication is encapsulated within EAP over LAN (EAPOL) frames. No other traffic, except EAPOL is allowed prior to a successful authentication<ref>It is an authenticator's task to guarantee that non-EAPOL traffic won't be forwarded before an authentication succeeded.</ref><ref>802.1X must not be considered a bullet-proof security mechanism, since all traffic following the authentication phase is not authenticated.</ref>.
| | * '''User''' Enter the user/identity to authenticate with. |
| | * '''Password''' Enter the shared secret for the MD5 challenge/response handshake. |
|
| |
|
| The standard specifies the following parties participating in an 802.1X authentication:
| | =Notes= |
| * Supplicant: The party supplying credentials towards an authenticator on the other side of a point-to-point link. An IP phone fulfills a supplicant's role.
| |
| * Authenticator: The party facilitating the authentication. A switch will usually be the authenticator.
| |
| * Authentication Server: The party providing the authentication service to the authenticator. The 802.1X standard mentions a RADIUS server to be an authentication server.
| |
| | |
| '''Sample Protocol Flow:'''
| |
| | |
| [[Image:802dot1x-EAPOL-640x480.gif]]
| |
| | |
| ''An 802.1X EAP-MD5<ref>innovaphone devices support the EAP-MD5 authentication handshake.</ref> authentication handshake<ref>Message 9 within the sample protocol flow from above does often piggy-back additional RADIUS attributes with the intent to configure VLAN parameters at the authenticator/switch device. 802.1x thereby allows for user-related VLAN configuration at the authenticator/switch.</ref>.''
| |
| | |
| '''EAP-MD5:'''
| |
| * '''User:''' Enter the user/identity to authenticate with.
| |
| * '''Password:''' Enter the shared secret for the MD5 challenge/response handshake.
| |
| | |
| | |
| ==Notes==
| |
| <references/> | | <references/> |
| | [[Concept_802.1X|Concept 802.1X]] |
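Review bot: the right-hand (new) revision keeps `<references/>` under `=Notes=`, but every `<ref>` footnote sits in the removed left-hand text, so the Notes section will render empty. Either drop the section or keep the footnotes that still apply to the EAP-MD5 fields. Two of the removed footnotes are security-relevant for someone filling in User and Password: that traffic following the authentication phase is not authenticated, and that the authenticator must not forward non-EAPOL traffic before authentication succeeds. If the linked `[[Concept_802.1X|Concept 802.1X]]` page does not already state these, keep a one-line caveat next to the fields. Style: `=Notes=` is a level-1 heading, which MediaWiki reserves for the page title; the previous `==Notes==` is the correct level.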