IEEE 802.1X cheat sheet

By stretch | Monday, November 10, 2008 at 6:17 a.m. UTC

802.1X cheat sheet

Cheat sheet #22 is out today, covering IEEE 802.1X network access control and Extensible Authentication Protocol Over LANs (EAPOL). 802.1X has seen only limited deployment so far, but is sure to become more popular in the near future as it offers the only real security at layer two. Note that the operation of 802.1X on wired networks is very similar to EAP used to secure 802.11 wireless networks (see 802.11i).

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Announcements

Comments


Jochen (guest)
November 10, 2008 at 8:04 a.m. UTC

Thx, good work. You've created the cheat sheet the right time, because I'm preparing at the moment for ONT ;-)


Etherealmind (guest)
November 10, 2008 at 12:56 p.m. UTC

Well, it has been about five years since 802.1x came out so I am not so sure of its popularity. There was a lot of excitement among the security people but it basically doesn't work in real life.

It is possible that when NAC takes off (oh, stop me from laughing) that 802.1x will get another change for greatness.

It is a good technology but server and desktop people don't understand it and usually this causes it to fail.

greg


Roland (guest)
November 10, 2008 at 7:14 p.m. UTC

802.1x is a technology easier to implement than most people think. It integrates perfectly with Windows-based Radius server, auto-vlan assignment is a feature that surprises most of the system administrators I work with. The guest-vlan with a captive portal is a plus to give guests an lawful tracked Internet access. My advice: give it a try!


Carsten (guest)
November 18, 2008 at 10:46 p.m. UTC

We use dot1x for 3 years now on every user faced port of our network (~800). And it just works. It saves me a lot of time since I dont have to configure guest network ports anymore. But the most valuable part of the setup is the management of the vlan port configuration on my radius server. If you deploy IP Phones you will love this feature. It greatly simplifies the rollout.


Pooja
November 7, 2013 at 6:59 p.m. UTC

Hi Jeremy,

your blog is really informative and good. I want to learn more on Extensible authentication protocol and its different variants like EAP-TLS, PEAP and LEAP and how they work If you can write a blog on explaining their working i would really appreciate that. Thanks in advance :-)

Comments have closed for this article due to its age.