Components

The IEEE 802.1x framework defines three roles in the authentication process. The terminology for these roles is as follows:

Supplicant: The supplicant is the endpoint requesting access to the network. For example, this could be an end user device, a printer, or an IP phone.

Authentication server: The authentication server is the entity that validates the identity of the supplicant and notifies the authenticator to allow or deny the client request for access. For example, a RADIUS server such as ACS may provide authentication server services.

Authenticator: The authenticator is the device between the supplicant and the authentication server that facilitates authentication. The client is normally directly connected to the authenticator. For example, a switch or a wireless access point would provide authenticator services to clients attempting to access the LAN.

Figure 17-1 shows the specific roles of the devices in the network during 802.1x port-based authentication.

Figure 17-1. 802.1x Device Roles


Before the client authenticates, the port allows only 802.1x protocol, Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the connected port. After authentication succeeds, normal traffic may pass through the port.
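The port behavior described above, modeled as an added example (it is not code from the original text or from any switch implementation): an authenticator port that passes only 802.1x, CDP, and STP frames until the authentication server accepts the supplicant. The class and function names, the in-memory identity store standing in for the RADIUS server, and the sample frames are constructed for illustration, and the model assumes untagged Ethernet frames.

```python
import struct

# Added illustrative model; every name and sample value below is constructed.
ETHERTYPE_EAPOL = 0x888E                      # 802.1x (EAP over LAN)
STP_DST = bytes.fromhex("0180c2000000")       # STP bridge group address
CDP_DST = bytes.fromhex("01000ccccccc")       # multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, OUI 00000c, PID 0x2000
IDENTITY_STORE = {"printer-01": "constructed-secret"}  # stands in for RADIUS/ACS

def make_frame(dst: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Build a sample frame with a fixed, locally administered source MAC."""
    return dst + bytes.fromhex("020000000001") + struct.pack("!H", type_or_len) + payload

def classify(frame: bytes) -> str:
    """Return 'eapol', 'stp', 'cdp' or 'data' for a raw untagged Ethernet frame."""
    if len(frame) < 14:
        return "data"
    dst, (type_or_len,) = frame[:6], struct.unpack("!H", frame[12:14])
    if type_or_len == ETHERTYPE_EAPOL:
        return "eapol"
    if type_or_len <= 1500:  # 802.3 length field, so an LLC header follows
        if dst == STP_DST and frame[14:16] == b"\x42\x42":
            return "stp"
        if dst == CDP_DST and frame[14:22] == CDP_SNAP:
            return "cdp"
    return "data"

def auth_server(identity: str, credential: str) -> bool:
    # Authentication server role: validate the supplicant against the identity store.
    return IDENTITY_STORE.get(identity) == credential

class AuthenticatorPort:
    """Authenticator role: relays the request and gates the port on the verdict."""

    def __init__(self, server=auth_server):
        self.server = server
        self.authorized = False  # ports start unauthorized

    def authenticate(self, identity: str, credential: str) -> bool:
        # The authenticator does not decide; it applies the server's allow/deny.
        self.authorized = bool(self.server(identity, credential))
        return self.authorized

    def forwards(self, frame: bytes) -> bool:
        return self.authorized or classify(frame) in {"eapol", "stp", "cdp"}

# Constructed sample frames: EAPOL-Start, an STP BPDU, a CDP frame, an IPv4 broadcast.
EAPOL_START = make_frame(bytes.fromhex("0180c2000003"), ETHERTYPE_EAPOL, b"\x01\x01\x00\x00")
BPDU = make_frame(STP_DST, 38, b"\x42\x42\x03" + bytes(35))
CDP = make_frame(CDP_DST, 12, CDP_SNAP + b"\x02\xb4\x00\x00")
IPV4 = make_frame(b"\xff" * 6, 0x0800, bytes(20))
```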
