18.1. 802.1X

802.1X is the foundation for dynamic policy configuration and enforcement in many popular NAC architectures. It's the IEEE standard for port-based network access control. 802.1X was designed to securely authenticate users and devices when they attempt to attach to networks — it was initially designed for wired networks but was also adapted for use in wireless networks when they became more popular.

802.1X forces the user or device to authenticate before it can transmit any packets on the network. In other words, it has to authenticate you before it assigns you an IP address and gives you a fully functional wired or wireless adapter.

The 802.1X protocols require three components:

  • Supplicant: A client-side application with which the user or machine interacts in order to gather credentials and submit them to the authenticator

  • Authenticator: Typically a switch or wireless access point that's responsible for performing the authentication and acting as the Policy Enforcement Point after it's granted a device or user access

  • Authentication server: Responsible for validating the credentials provided by the authenticator — ensuring that the user has provided an appropriate user name and password, for example.

You can find a detailed definition of each of these components in Chapter 13.
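The sketch below is an added example, not code from the book. It models a single authenticator port that drops all traffic except EAPOL (EtherType 0x888E) until the authentication server accepts. The class and function names, the frames, and the `alice:correct-horse` credential are constructed for illustration. The EAP payload is treated as an opaque blob where a real deployment would run an EAP method.

```python
import struct

ETH_P_EAPOL, ETH_P_IPV4 = 0x888E, 0x0800                # EtherTypes: EAP over LAN, IPv4
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types

def eth_frame(ethertype, payload=b""):
    # Constructed Ethernet II frame: PAE group address as dst, made-up src MAC.
    return bytes.fromhex("0180c2000003020000000001") + struct.pack("!H", ethertype) + payload

def eapol(ptype, body=b""):
    # EAPOL header: protocol version, packet type, 2-byte body length.
    return struct.pack("!BBH", 2, ptype, len(body)) + body

class AuthenticatorPort:   # one switch port: authenticator and Policy Enforcement Point
    def __init__(self, auth_server):
        self.auth_server = auth_server   # callable(bytes) -> bool, stands in for the server
        self.authorized = False

    def receive(self, frame):
        if len(frame) < 14:
            return "drop: runt frame"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_P_EAPOL:     # data traffic (DHCP, ARP, IP) needs an authorized port
            return "forward" if self.authorized else "drop: unauthorized port"
        if len(frame) < 18 or len(frame) < 18 + int.from_bytes(frame[16:18], "big"):
            return "drop: truncated EAPOL"
        _version, ptype, length = struct.unpack("!BBH", frame[14:18])
        body = frame[18:18 + length]     # the length field excludes any Ethernet padding
        if ptype == EAPOL_START:
            return "send: EAP-Request/Identity"
        if ptype == EAPOL_LOGOFF:
            self.authorized = False
            return "port closed"
        if ptype == EAPOL_EAP_PACKET:
            # The authenticator only relays the EAP payload; the server decides.
            self.authorized = bool(self.auth_server(body))
            return "send: EAP-Success" if self.authorized else "send: EAP-Failure"
        return "drop: unsupported EAPOL type"

def toy_auth_server(eap_payload):
    return eap_payload == b"alice:correct-horse"   # constructed credential, not a real EAP method

def demo():
    port = AuthenticatorPort(toy_auth_server)
    data = eth_frame(ETH_P_IPV4, b"dhcp-discover")
    eap = lambda cred: eth_frame(ETH_P_EAPOL, eapol(EAPOL_EAP_PACKET, cred))
    start, logoff = (eth_frame(ETH_P_EAPOL, eapol(t)) for t in (EAPOL_START, EAPOL_LOGOFF))
    seq = (data, start, eap(b"alice:wrong"), data, eap(b"alice:correct-horse"), data, logoff, data)
    return [port.receive(f) for f in seq]
```

`demo()` returns the port's decision for each frame in order, so the same DHCP frame is dropped before authentication, forwarded after it, and dropped again after logoff.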
