IEEE 802.1X cheat sheet

By stretch | Monday, November 10, 2008 at 6:17 a.m. UTC

802.1X cheat sheet

Cheat sheet #22 is out today, covering IEEE 802.1X network access control and Extensible Authentication Protocol Over LANs (EAPOL). 802.1X has seen only limited deployment so far, but is sure to become more popular in the near future as it offers the only real security at layer two. Note that the operation of 802.1X on wired networks is very similar to EAP used to secure 802.11 wireless networks (see 802.11i).

About the Author

Jeremy Stretch is a freelance networking engineer, instructor, and the maintainer of PacketLife.net. He currently lives in Fairfax, Virginia, on the edge of the Washington, DC metro area. Although primarily an R&S guy, he likes to get into everything, and runs a free network training lab out of his basement for fun. You can contact him by email or follow him on Twitter.

Posted in Announcements

Comments

Jochen (guest) commented on Monday, November 10, 2008 at 8:04 a.m. UTC

Thx, good work. You've created the cheat sheet the right time, because I'm preparing at the moment for ONT ;-)

Etherealmind (guest) commented on Monday, November 10, 2008 at 12:56 p.m. UTC

Well, it has been about five years since 802.1x came out so I am not so sure of its popularity. There was a lot of excitement among the security people but it basically doesn't work in real life.

It is possible that when NAC takes off (oh, stop me from laughing) that 802.1x will get another change for greatness.

It is a good technology but server and desktop people don't understand it and usually this causes it to fail.

greg

Roland (guest) commented on Monday, November 10, 2008 at 7:14 p.m. UTC

802.1x is a technology easier to implement than most people think. It integrates perfectly with Windows-based Radius server, auto-vlan assignment is a feature that surprises most of the system administrators I work with. The guest-vlan with a captive portal is a plus to give guests an lawful tracked Internet access. My advice: give it a try!

Carsten (guest) commented on Tuesday, November 18, 2008 at 10:46 p.m. UTC

We use dot1x for 3 years now on every user faced port of our network (~800). And it just works. It saves me a lot of time since I dont have to configure guest network ports anymore. But the most valuable part of the setup is the management of the vlan port configuration on my radius server. If you deploy IP Phones you will love this feature. It greatly simplifies the rollout.

Leave a Comment


Register to comment as a member. You'll look cooler.

Optional; will not be displayed publicly or given out.

No commercial links. Only personal (e.g. blog, Twitter, or LinkedIn) and/or on-topic links, please.
The 'V' in VLAN stands for _____.