Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
241
Views
0
Helpful
1
Replies

Authentication with 802.1x

Go to solution
Moustapha Rachidi
Level 1
Level 1

‎07-28-2015 10:55 PM - edited ‎03-10-2019 10:56 PM

Hello there,

 

I know the concept of 802.1x  but I am having here some trouble with English language since I live and was born in a non speaking English country. So the question is which 802.1x component seeks authentication:

The supplicant, authenticator or authentication server?

If what I understood is correct "which component will be authenticated" my answer would be the supplicant.

Can you please advise

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎07-29-2015 01:19 AM

The Authentication-server only gets active when there is an authentication-request. So that one doesn't seek authentication.

What happens:

  1. Port comes up
  2. Both the supplicant and the switchport know that .1x is needed and they start sending out EAPoL frames. It could be either the supplicant or the switchport that starts first. So both seek to start an authentication process. But it's the supplicant that needs to be authenticated to get access to the network.
  3. Based on the EAP-type, the supplicant first authenticates the authentication-server. That is done to make sure the supplicant doesn't send his credentials to a rouge server.
  4. After that, the authentication-server authenticates the supplicant.

 

> If what I understood is correct "which component will be authenticated" my answer would be the supplicant.

That's what is needed to provide network access to the client. But it's not the only authentication that is typically done.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Karsten Iwen
VIP
VIP

‎07-29-2015 01:19 AM

The Authentication-server only gets active when there is an authentication-request. So that one doesn't seek authentication.

What happens:

  1. Port comes up
  2. Both the supplicant and the switchport know that .1x is needed and they start sending out EAPoL frames. It could be either the supplicant or the switchport that starts first. So both seek to start an authentication process. But it's the supplicant that needs to be authenticated to get access to the network.
  3. Based on the EAP-type, the supplicant first authenticates the authentication-server. That is done to make sure the supplicant doesn't send his credentials to a rouge server.
  4. After that, the authentication-server authenticates the supplicant.

 

> If what I understood is correct "which component will be authenticated" my answer would be the supplicant.

That's what is needed to provide network access to the client. But it's not the only authentication that is typically done.
0 Helpful
Customers Also Viewed These Support Documents