Cisco ccie exam Introduction to the 802.1X protocol

The IEEE 802 LAN/WAN committee originally proposed the 802.1X protocol to address the security problems of wireless LANs. Because 802.1X is a general-purpose access control mechanism for LAN ports, it has since been widely adopted on wired Ethernet as well, mainly to provide authentication and access security for Ethernet ports.

802.1x is an access control and authentication protocol built on a Client/Server model. It prevents unauthorized users or devices from reaching the LAN/WLAN through an access port: a user or device connected to a switch port is authenticated before it can obtain any of the services provided by the switch or the LAN. Until authentication succeeds, 802.1x allows only EAPOL (Extensible Authentication Protocol over LAN) frames through the switch port the device is connected to; once authentication succeeds, normal data traffic is forwarded through the Ethernet port.

802.1X architecture

An 802.1X system is a typical Client/Server structure. It consists of three entities: the client (the supplicant), the device (the authenticator), and the authentication server.

The client is the entity at one end of the LAN segment; it is authenticated by the device at the other end of the link. The client is generally a user terminal, and the user initiates 802.1X authentication by starting the client software. The client must support EAPOL (Extensible Authentication Protocol over LAN).

The device is the entity at the other end of the LAN segment; it authenticates the connected client. The device is usually a network device that supports the 802.1X protocol and provides the client with a port for accessing the LAN. The port can be either a physical port or a logical port.

The authentication server is the entity that provides authentication services to the device. It performs authentication, authorization, and accounting for users, and is usually a RADIUS (Remote Authentication Dial-In User Service) server.

Work process:
1. When the user wants Internet access, they open the 802.1X client program, enter the user name and password they applied for and registered, and initiate a connection request. The client program sends a frame requesting authentication to the switch, which starts the authentication process.

2. After the switch receives the frame requesting authentication, it sends a request frame asking the user's client program to send the entered user name.

3. The client program responds to the switch's request and sends the user name to the switch in a data frame. The switch forwards the frame sent by the client to the authentication server for processing.

4. After receiving the user name forwarded by the switch, the authentication server looks the name up in the user table of its database, finds the password corresponding to that user name, and encrypts it with a randomly generated challenge word. At the same time, the challenge word is sent to the switch, which relays it to the client program.

5. After the client program receives the challenge word from the switch, it encrypts the password with that word (the algorithm used is normally irreversible, i.e. a one-way hash) and sends the result to the authentication server through the switch.

6. The authentication server compares the encrypted password it received with the one it computed itself. If the two match, the user is considered legitimate: the server returns an authentication-success message and instructs the switch to open the port, allowing the user's service traffic to reach the network through that port.
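The six steps above, carried through as a small simulation with the three entities exchanging EAP messages. This is an added example and not code from the original post or from any vendor; it uses EAP-MD5 (the CHAP-style response MD5(Identifier || password || challenge) from RFC 3748 / RFC 1994) as a concrete instance of the "irreversible encryption with a random word" the text describes, and the class names, the `USER_DB` table and the fixed challenge are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# EAP codes and type numbers from RFC 3748 (real values).
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5 = 1, 4

# Constructed sample user table for the authentication server (assumption:
# a real RADIUS backend would not keep plaintext passwords in a dict).
USER_DB = {"alice": b"correct-horse-battery-staple"}


@dataclass
class Eap:
    code: int
    identifier: int
    eap_type: int = 0
    data: bytes = b""


def md5_challenge_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value: MD5(Identifier || secret || challenge), as in CHAP."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Supplicant:
    """Steps 1, 3 and 5: the client program on the user's terminal."""

    def __init__(self, username: str, password: bytes):
        self.username, self.password = username, password

    def handle(self, req: Eap) -> Eap:
        if req.eap_type == EAP_TYPE_IDENTITY:   # step 3: send the user name
            return Eap(EAP_RESPONSE, req.identifier, EAP_TYPE_IDENTITY, self.username.encode())
        if req.eap_type == EAP_TYPE_MD5:        # step 5: hash the password with the challenge
            digest = md5_challenge_response(req.identifier, self.password, req.data)
            return Eap(EAP_RESPONSE, req.identifier, EAP_TYPE_MD5, digest)
        raise ValueError("unexpected EAP request")


class AuthServer:
    """Steps 4 and 6: the RADIUS-style server that owns the user table."""

    def __init__(self, user_db: dict, challenge: bytes = None):
        self.user_db = user_db
        self.challenge = challenge or os.urandom(16)   # the random "challenge word"
        self.username = None

    def handle(self, resp: Eap) -> Eap:
        if resp.eap_type == EAP_TYPE_IDENTITY:
            self.username = resp.data.decode()
            # Step 4: send the challenge back towards the client via the switch.
            return Eap(EAP_REQUEST, resp.identifier + 1, EAP_TYPE_MD5, self.challenge)
        if resp.eap_type == EAP_TYPE_MD5:
            secret = self.user_db.get(self.username)
            if secret is None:
                return Eap(EAP_FAILURE, resp.identifier)
            expected = md5_challenge_response(resp.identifier, secret, self.challenge)
            # Step 6: compare the two digests (constant time), then Accept or Reject.
            ok = hmac.compare_digest(expected, resp.data)
            return Eap(EAP_SUCCESS if ok else EAP_FAILURE, resp.identifier)
        raise ValueError("unexpected EAP response")


class Authenticator:
    """The switch: relays EAP between client and server, opens the port on Accept."""

    def __init__(self, server: AuthServer):
        self.server = server
        self.port_authorized = False
        self.log = []

    def authenticate(self, client: Supplicant) -> bool:
        self.log.append("client -> switch: EAPOL-Start")               # step 1
        req = Eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY)                    # step 2
        self.log.append("switch -> client: EAP-Request/Identity")
        while True:
            resp = client.handle(req)
            self.log.append(f"client -> switch -> server: EAP-Response type={resp.eap_type}")
            req = self.server.handle(resp)                              # steps 4 and 6
            if req.code == EAP_SUCCESS:
                self.port_authorized = True
                self.log.append("server -> switch: Accept; controlled port authorized")
                return True
            if req.code == EAP_FAILURE:
                self.log.append("server -> switch: Reject; port stays unauthorized")
                return False
            self.log.append(f"server -> switch -> client: EAP-Request type={req.eap_type}")


if __name__ == "__main__":
    switch = Authenticator(AuthServer(USER_DB))
    print("authorized:", switch.authenticate(Supplicant("alice", USER_DB["alice"])))
    print("\n".join(switch.log))
```

The password itself never crosses the switch port: only the user name and the challenge/response pair do, which is why the server has to hold something it can recompute the response from.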

Controlled/uncontrolled port

The device provides the client with a port for accessing the LAN. Logically this port is split into two: a controlled port and an uncontrolled port. Any frame arriving at the physical port is visible on both the controlled and the uncontrolled port.

The uncontrolled port is always bidirectionally connected. It is used mainly to carry EAPOL protocol frames, so that the client can always send and receive authentication packets.

The controlled port is bidirectionally connected only in the authorized state, in which it carries service packets. In the unauthorized state it does not accept any packets from the client.

Authorized/unauthorized status

The device uses the authentication server to perform authentication on the client that needs to access the local area network, and controls the authorized/unauthorized status of the controlled port according to the authentication result (Accept or Reject).

The figure (not reproduced here) shows how the authorization state of the controlled port affects packets passing through the port, comparing the port status of two 802.1X authentication systems.
The user can control the authorization status of the port through the mode of access control configured under the port. The port supports the following three access control modes:

Forced authorized mode (authorized-force): the port is always in the authorized state, so users can access network resources without authentication or authorization.

Forced unauthorized mode (unauthorized-force): the port is always in the unauthorized state and users are not allowed to authenticate. The device provides no authentication service for clients on this port.

Auto mode (auto): the port starts in the unauthorized state, in which only EAPOL packets may be sent and received and the user cannot access network resources. If authentication succeeds, the port switches to the authorized state and the user can access network resources. This is the most common configuration.
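The controlled/uncontrolled port split and the three access control modes, modelled together as an added example (not code from the original post or from any vendor's implementation). It runs a constructed EAPOL frame and an IPv4 service frame through a port before and after the server's verdict, and shows which logical port carries each one; the class and function names are chosen for this example, and treating force-authorized as a mode that simply ignores authentication results is a modelling assumption.

```python
from enum import Enum

# Real EtherType values: 0x888E is EAPOL, 0x0800 is IPv4 (standing in for service traffic).
ETHERTYPE_EAPOL = 0x888E
ETHERTYPE_IPV4 = 0x0800


class Mode(Enum):
    """The three access control modes that can be configured on the port."""
    FORCE_AUTHORIZED = "authorized-force"
    FORCE_UNAUTHORIZED = "unauthorized-force"
    AUTO = "auto"


class AccessPort:
    """One physical port seen as an uncontrolled and a controlled logical port."""

    def __init__(self, mode: Mode):
        self.mode = mode
        self.auth_passed = False   # last Accept/Reject relayed from the authentication server

    def accepts_authentication(self) -> bool:
        # Only auto mode runs 802.1X: force-unauthorized provides no authentication
        # service, and force-authorized needs none (assumption: its result is ignored).
        return self.mode is Mode.AUTO

    def set_auth_result(self, accept: bool) -> None:
        """Apply the server's verdict to the controlled port; no effect in the forced modes."""
        if self.accepts_authentication():
            self.auth_passed = accept

    def controlled_port_authorized(self) -> bool:
        if self.mode is Mode.FORCE_AUTHORIZED:
            return True
        if self.mode is Mode.FORCE_UNAUTHORIZED:
            return False
        return self.auth_passed

    def forward(self, ethertype: int) -> str:
        """Return the logical port that carries a frame of this EtherType, or 'dropped'."""
        if ethertype == ETHERTYPE_EAPOL:
            return "uncontrolled"      # always bidirectional so authentication can proceed
        if self.controlled_port_authorized():
            return "controlled"        # service traffic flows only in the authorized state
        return "dropped"


# Constructed sample traffic: one EAPOL frame and one IPv4 service frame.
SAMPLE_FRAMES = [("EAPOL", ETHERTYPE_EAPOL), ("IPv4", ETHERTYPE_IPV4)]


def simulate(mode: Mode, server_accepts: bool) -> dict:
    """Send the sample frames through a port before and after the server's Accept/Reject."""
    port = AccessPort(mode)
    before = {name: port.forward(et) for name, et in SAMPLE_FRAMES}
    port.set_auth_result(server_accepts)
    after = {name: port.forward(et) for name, et in SAMPLE_FRAMES}
    return {"before": before, "after": after}


if __name__ == "__main__":
    for mode in Mode:
        for verdict in (True, False):
            print(mode.value, "Accept" if verdict else "Reject", simulate(mode, verdict))
```

In auto mode the IPv4 frame is dropped until the server's Accept arrives and flows on the controlled port afterwards, while the EAPOL frame is carried on the uncontrolled port in every state and every mode.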

Security issues have long been the main point of criticism raised by opponents of 802.1x. This problem has indeed troubled 802.1x technology for a long time, and has even limited its adoption.

Publisher: IE LAB

Website: http://ielab.network

WhatsApp: +8617782638871

Skype: live:ielab.anna
