802.1X


- Wired Ethernet networks don't have any authentication by default.

- To access the network, all you need to do is plug your Ethernet cable into a switch
and you will gain access to the network with no authentication, no authorization and
no accounting.
- Triple-A (AAA), or Authentication, Authorization, Accounting, is a way to centralize
the policies that are applied to network devices. As an example, you could centralize
the authentication of users by using a AAA server such as Cisco Secure ACS.

- Authentication means verifying a username and password before a user can access
the network or a device on the network.
- Authorization determines what you're allowed to do once you have been
authenticated. As an example, are you allowed to go to privileged mode (enable
mode) on a router? Are you allowed to access a server on the network?
- Accounting is a log of what has happened on the network. As an example, you could
log users' attempts to access a network device via Telnet or SSH.
- In a moment I'll demonstrate AAA using a GNS3 network where I have a Cisco
ACS server connected. This server is running within VMware but is connected via a
GNS3 switch to multiple network devices.
- I'll configure the network to use local authentication and then we'll centralize the
authentication so that logins are authorized from a central ACS server rather than
having a local username and password database on each network device.

- Now, to stop anyone from just accessing your network, you can implement
identity-based authentication, or identity-based networking, by using a protocol called
802.1X. The IEEE 802.1X standard allows you to implement identity-based networking
where a client machine has to present a username and password before it can gain
access to the network.

- In 802.1X you have three components, or three roles.

- The client, also known as the supplicant, is a PC such as a Windows PC running
802.1X-compliant client software.
- An authenticator doesn't authenticate the client itself; it passes the client's
authentication information through to an authentication server.
- The authenticator would be something like an Ethernet switch that is controlling
access to the network. The client PC is connected to a port on the switch acting as
the authenticator, and before authentication takes place no frames from the client
are permitted except 802.1X frames.
- So, when the client sends traffic to the switch acting as the authenticator, the
switch sends an 802.1X challenge to the client asking for authentication
information.
- A username and password are sent to the switch, but the switch doesn't read that
information; it passes it on to the authentication server, which could be a RADIUS
or TACACS server.
- RADIUS and TACACS are the protocols used between the authenticator and the
authentication server.
- The authentication server validates the credentials of the client. In other words, it
makes sure that the client's username and password are correct and that the client is
allowed to access the network.
- If the username and password are correct, the authentication server sends a message
to the authenticator (the switch), which then permits the client access to the network.
The authenticator sends a successful-authentication message to the client, and now
when the client forwards traffic such as HTTP or Telnet traffic, that traffic is
permitted onto the network.
- The important thing with 802.1X is that the client cannot access the network until
authentication has succeeded based on the information stored in the authentication
server. The authentication server could use a local database, or it could use a
centralized directory such as Active Directory for storing usernames and passwords.
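To make the three roles concrete, here is an added Python model (not code from these notes or from Cisco) of the exchange above: the authenticator port drops every non-802.1X frame, relays the credentials to the server without inspecting them, opens the port only on an accept, and the server writes an accounting record for each attempt. The frame types, the user store and the names `Frame`, `AuthServer`, `Authenticator` and `demo` are all constructed for this example; real EAPOL and RADIUS packets are not parsed.

```python
# Constructed model of the three 802.1X roles: supplicant frames, an
# authenticator (switch port) that only relays, and an authentication server.
from dataclasses import dataclass, field
import hmac

EAPOL, DATA = "EAPOL", "DATA"   # constructed frame types: 802.1X vs. ordinary traffic


@dataclass
class Frame:
    kind: str        # EAPOL (802.1X) or DATA (HTTP, Telnet, ...)
    payload: dict


@dataclass
class AuthServer:
    """RADIUS/TACACS-style server validating credentials against a local store."""
    users: dict                              # constructed username -> password store
    accounting: list = field(default_factory=list)

    def authenticate(self, creds: dict) -> bool:
        user, pw = creds.get("user", ""), creds.get("password", "")
        stored = self.users.get(user, "")
        ok = hmac.compare_digest(stored.encode(), pw.encode())  # constant-time compare
        self.accounting.append(f"{user}: {'ACCEPT' if ok else 'REJECT'}")  # accounting
        return ok


@dataclass
class Authenticator:
    """Switch port: relays EAPOL to the server, forwards DATA only once authorized."""
    server: AuthServer
    authorized: bool = False

    def receive(self, frame: Frame) -> str:
        if frame.kind == EAPOL:
            # Credentials are passed through untouched; the switch never checks them.
            if self.server.authenticate(frame.payload):
                self.authorized = True
                return "EAP-Success"
            return "EAP-Failure"
        if self.authorized:
            return f"forwarded {frame.payload.get('proto')}"
        return "dropped (port unauthorized)"


def demo(user: str, password: str) -> list:
    """Run one supplicant through the port: blocked, challenge answered, then retried."""
    server = AuthServer(users={"alice": "correct-horse"})          # constructed store
    port = Authenticator(server)
    results = [port.receive(Frame(DATA, {"proto": "HTTP"}))]        # blocked before auth
    results.append(port.receive(Frame(EAPOL, {"user": user, "password": password})))
    results.append(port.receive(Frame(DATA, {"proto": "HTTP"})))    # depends on outcome
    return results + server.accounting
```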
