IEEE 802.1X
What is IEEE 802.1X?
IEEE 802.1XA port-based network access control standard that authenticates a device or user before allowing traffic to pass on a wired or wireless port.
IEEE 802.1X defines a framework in which a supplicant (the client) authenticates to an authenticator (a switch or wireless access point), which forwards credentials to an authentication server, typically RADIUS. Until authentication succeeds, only EAPoL traffic is permitted on the port; once it succeeds, the port is opened and may be assigned a VLAN, ACL, or quality-of-service profile. 802.1X supports many EAP methods including EAP-TLS with mutual certificates, PEAP, and EAP-TTLS, allowing strong, certificate-based authentication for both machines and users. It is the foundation of enterprise NAC, WPA2/WPA3-Enterprise Wi-Fi, and modern zero-trust access on the LAN.
● Examples
- 01
An employee laptop authenticates with EAP-TLS over a wired port and is dropped into the corporate VLAN.
- 02
A WPA2-Enterprise Wi-Fi network uses 802.1X with RADIUS to identify each user before granting access.
● Frequently asked questions
What is IEEE 802.1X?
A port-based network access control standard that authenticates a device or user before allowing traffic to pass on a wired or wireless port. It belongs to the Network Security category of cybersecurity.
What does IEEE 802.1X mean?
A port-based network access control standard that authenticates a device or user before allowing traffic to pass on a wired or wireless port.
How do you defend against IEEE 802.1X?
Defences for IEEE 802.1X typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for IEEE 802.1X?
Common alternative names include: 802.1X, Port-based NAC.