O'Reilly logo

Implementing NAP and NAC Security Technologies: The Complete Guide to Network Access Control by Daniel V. Hoffman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

9.2. Microsoft 802.1x

When it comes to 802.1x, many people immediately think of Wireless LAN security. In reality, 802.1x is port-based authentication that can apply to both wired and wireless networks. With authentication being a requirement for port access, this technology can be used to keep unwanted users off of the LAN. In doing so, this is performing an NAC/NAP function.

802.1x consists of two primary components:

  • Supplicant — Requests access to a network.

  • Authenticator — Authenticates supplicants and decides whether or not to grant them access. This can be a wireless access point (WAP) or a Remote Authentication Dial-in User Service (RADIUS) Server

To completely understand 802.1x, you must understand controlled and uncontrolled ports. A controlled port controls to what network addresses communication can take place. Uncontrolled ports allow unrestricted access. Figure 9-1 illustrates controlled and uncontrolled ports.

Figure 9-1. Controlled and uncontrolled ports

By having all devices that are connecting to the LAN placed onto a controlled port, their access is limited to just the Authenticator. This protects the network from having just anyone plug in and gain access. Once authenticated by the Authenticator, the device is placed onto an uncontrolled port and access to the network is unrestricted.

Clearly, the 802.1x functionality can prohibit just any device from gaining ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required