03-12-2018 09:20 PM - edited 03-08-2019 02:14 PM
What is 802.1X? Do TACACS and RADIUS belong to 802.1X?
03-12-2018 11:40 PM
Hi,
IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, which is known as "EAP over LAN" or EAPOL. EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001, but was clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11 wireless and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004. The EAPOL protocol was also modified for use with IEEE 802.1AE (“MACsec”) and IEEE 802.1AR (Secure Device Identity, DevID) in 802.1X-2010 to support service identification and optional point to point encryption over the local LAN segment.
The IEEE 802.1X standard defines a client and server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port and assigns the port to a VLAN before making available any services offered by the switch or the LAN.
Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
TACACS and RADIUS are both part of the 802.1x architecture.
There are differences between RADIUS and TACACS.
Refer to this URL for a detailed understanding.
http://tacacs.net/docs/TACACS_Advantages.pdf
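As an added illustration of the EAPOL encapsulation and pre-authentication port behaviour described in the reply above (not part of the original post, and not Cisco code): a minimal Python parser for the EAPOL and EAP headers, plus a simplified model of the controlled port. The function names and the sample frames are assumptions constructed for this example.

```python
import struct

EAPOL_ETHERTYPE = b"\x88\x8e"  # EtherType assigned to EAP over LAN
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes):
    """Return a dict describing an EAPOL frame, or None if the frame is not EAPOL."""
    if len(frame) < 18 or frame[12:14] != EAPOL_ETHERTYPE:
        return None  # needs 14-byte Ethernet header + 4-byte EAPOL header
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) < body_len:
        raise ValueError("truncated EAPOL body")
    info = {"version": version, "type": EAPOL_TYPES.get(ptype, ptype), "eap": None}
    if ptype == 0:  # the body carries an EAP packet
        if body_len < 4:
            raise ValueError("EAP header too short")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("EAP length inconsistent with EAPOL body length")
        eap = {"code": EAP_CODES.get(code, code), "id": ident, "method": None, "data": b""}
        if code in (1, 2) and eap_len >= 5:  # Request/Response carry a Type octet
            eap["method"], eap["data"] = body[4], body[5:eap_len]
        info["eap"] = eap
    return info


def port_forwards(frame: bytes, authorized: bool) -> bool:
    """Simplified controlled port: before authentication only EAPOL frames pass."""
    return authorized or (len(frame) >= 14 and frame[12:14] == EAPOL_ETHERTYPE)


# Constructed sample frames (not captured traffic).
PAE = bytes.fromhex("0180c2000003")     # 802.1X PAE group address
CLIENT = bytes.fromhex("020000000001")  # locally administered MAC
identity = b"alice"
eap_pkt = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity  # Response/Identity
EAPOL_FRAME = PAE + CLIENT + EAPOL_ETHERTYPE + struct.pack("!BBH", 1, 0, len(eap_pkt)) + eap_pkt
IPV4_FRAME = b"\xff" * 6 + CLIENT + b"\x08\x00" + b"\x45" + bytes(19)

if __name__ == "__main__":
    print(parse_eapol(EAPOL_FRAME))
    print(port_forwards(IPV4_FRAME, authorized=False))
```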
03-13-2018 01:13 AM
What is EAP? What is the relation between TACACS, RADIUS and EAP?
03-13-2018 01:35 AM
Hi,
Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple authentication methods, passwords, RADIUS, and so on. Lightweight Extensible Authentication Protocol (LEAP) is the Cisco authentication protocol. LEAP is based on EAP, an extension to PPP.
This authentication type provides the highest level of security for your wireless network. By using EAP to interact with an EAP-compatible RADIUS server, the Access Point (AP) helps a wireless client device and the RADIUS server perform mutual authentication and derive a dynamic unicast Wired Equivalent Privacy (WEP) key. The RADIUS server sends the WEP key to the AP, which uses it for all unicast data signals that it sends to or receives from the client. The AP also encrypts its broadcast WEP key (entered in the access AP's WEP key slot 1) with the client's unicast key and sends it to the client.
There is more than one type of EAP authentication, but the AP behaves the same way for each type. It relays authentication messages from the wireless client device to the RADIUS server, and from the RADIUS server to the wireless client device. For instructions on setting up EAP on the AP, refer to the Assigning Authentication Types to an SSID section of Configuring Authentication Types.
Open authentication allows any device to authenticate and then attempt to communicate with the AP. Where the SSID is set for authentication, type open with EAP authentication. The AP forces all client devices to perform EAP authentication before they are allowed to join the network.
Note: An AP configured for EAP authentication forces all client devices that associate to perform EAP authentication. Client devices that do not use EAP cannot use the AP.
Where the authentication type for the SSID is set to Network-EAP, using EAP to interact with an EAP-compatible RADIUS server, the AP helps a wireless client device and the RADIUS server perform mutual authentication. It also derives a dynamic unicast WEP key. However, the AP does not force all client devices to perform EAP authentication.
For more information on configuring different cipher suites and WEP on the AP, refer to Configuring Cipher Suites and WEP.
For additional information, refer to the EAP Authentication to the Network section of Configuring Authentication Types.
For more references, please have a look at the URLs below:
https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series/44844-leapserver.html
https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol