Authentication with 802.1x

Moustapha Rachidi — Mon, 11 Mar 2019 05:56:38 GMT

Hello there,

I know the concept of 802.1x but I am having here some trouble with English language since I live and was born in a non speaking English country. So the question is which 802.1x component seeks authentication:

The supplicant, authenticator or authentication server?

If what I understood is correct "which component will be authenticated" my answer would be the supplicant.

Can you please advise

The Authentication-server

Karsten Iwen — Wed, 29 Jul 2015 08:19:23 GMT

The Authentication-server only gets active when there is an authentication-request. So that one doesn't seek authentication.

What happens:

Port comes up
Both the supplicant and the switchport know that .1x is needed and they start sending out EAPoL frames. It could be either the supplicant or the switchport that starts first. So both seek to start an authentication process. But it's the supplicant that needs to be authenticated to get access to the network.
Based on the EAP-type, the supplicant first authenticates the authentication-server. That is done to make sure the supplicant doesn't send his credentials to a rouge server.
After that, the authentication-server authenticates the supplicant.

> If what I understood is correct "which component will be authenticated" my answer would be the supplicant.

That's what is needed to provide network access to the client. But it's not the only authentication that is typically done.

topic Authentication with 802.1x in Network Access Control

Authentication with 802.1x

The Authentication-server