IEEE 802.1X cheat sheet
By stretch | Monday, November 10, 2008 at 6:17 a.m. UTC
Cheat sheet #22 is out today, covering IEEE 802.1X network access control and Extensible Authentication Protocol Over LANs (EAPOL). 802.1X has seen only limited deployment so far, but is sure to become more popular in the near future as it offers the only real security at layer two. Note that the operation of 802.1X on wired networks is very similar to EAP used to secure 802.11 wireless networks (see 802.11i).
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
Posted in Announcements
November 10, 2008 at 8:04 a.m. UTC
Thx, good work. You've created the cheat sheet the right time, because I'm preparing at the moment for ONT ;-)
November 10, 2008 at 12:56 p.m. UTC
Well, it has been about five years since 802.1x came out so I am not so sure of its popularity. There was a lot of excitement among the security people but it basically doesn't work in real life.
It is possible that when NAC takes off (oh, stop me from laughing) that 802.1x will get another change for greatness.
It is a good technology but server and desktop people don't understand it and usually this causes it to fail.
November 10, 2008 at 7:14 p.m. UTC
802.1x is a technology easier to implement than most people think. It integrates perfectly with Windows-based Radius server, auto-vlan assignment is a feature that surprises most of the system administrators I work with. The guest-vlan with a captive portal is a plus to give guests an lawful tracked Internet access. My advice: give it a try!
November 18, 2008 at 10:46 p.m. UTC
We use dot1x for 3 years now on every user faced port of our network (~800). And it just works. It saves me a lot of time since I dont have to configure guest network ports anymore. But the most valuable part of the setup is the management of the vlan port configuration on my radius server. If you deploy IP Phones you will love this feature. It greatly simplifies the rollout.
November 7, 2013 at 6:59 p.m. UTC
your blog is really informative and good. I want to learn more on Extensible authentication protocol and its different variants like EAP-TLS, PEAP and LEAP and how they work If you can write a blog on explaining their working i would really appreciate that. Thanks in advance :-)