Overview

IEEE 802.1X is a standard for port-based authentication. This standard provides administrators with an authentication mechanism for devices trying to access a LAN or WLAN. 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, which is known as EAP over LAN (EAPOL).

802.1X authentication involves the following entities:

  • Supplicant: Device that tries to access the LAN.

  • Authenticator: A network device, such as an Ethernet switch, that authenticates the supplicant.

  • Authentication Server: Typically a host running software supporting the RADIUS and EAP protocols that provides an authentication service to the authenticator.

Until the supplicant is authenticated, the authenticator allows only EAPOL traffic through the port to which the supplicant is connected. Only after authentication succeeds does the authenticator allow normal traffic from the supplicant.

802.1X port-based authentication provides port-level security. It allows LAN access only on ports where a single 802.1X-capable client (supplicant) has entered authorized RADIUS user credentials. 802.1X authentication is recommended for applications where only one client can connect to the port at a time. Using this option, the port processes all IP traffic as if it comes from the same client.
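
The following Python sketch is an added example, not vendor code. It models the gating described above (only EAPOL passes while the port is unauthorized) and the port-level behavior of the last paragraph: once the port is authorized, frames are forwarded whatever their source MAC. The `Port` class, its method names and the sample frames are hypothetical; a real authenticator also tracks timers and reauthentication.

```python
import struct

ETH_P_EAPOL = 0x888E  # EtherType carried by EAPOL frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def ethertype(frame: bytes) -> int:
    return struct.unpack("!H", frame[12:14])[0] if len(frame) >= 14 else -1

def parse_eapol(frame: bytes):
    """Return (source MAC, EAPOL packet type) or None if not well-formed EAPOL."""
    if ethertype(frame) != ETH_P_EAPOL or len(frame) < 18:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if len(frame) < 18 + body_len:      # body shorter than the header claims
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    return src, EAPOL_TYPES.get(ptype, f"unknown({ptype})")

class Port:
    """Hypothetical model of one authenticator port in port-based mode."""
    def __init__(self):
        self.authorized = False         # ports start unauthorized
    def on_auth_result(self, accepted: bool):
        self.authorized = accepted      # outcome reported by the authentication server
    def ingress(self, frame: bytes) -> str:
        if ethertype(frame) == ETH_P_EAPOL:
            parsed = parse_eapol(frame)
            if parsed is None:
                return "drop"           # malformed EAPOL is never forwarded
            if parsed[1] == "EAPOL-Logoff":
                self.authorized = False
            return "to-authenticator"
        # The decision depends on port state only, never on the source MAC.
        return "forward" if self.authorized and len(frame) >= 14 else "drop"

def eth(src: str, etype: int, payload: bytes) -> bytes:
    return bytes.fromhex("0180c2000003" + src) + struct.pack("!H", etype) + payload

# Constructed sample frames; MACs are made up, destination is the PAE group address.
EAPOL_START = eth("020000000001", ETH_P_EAPOL, struct.pack("!BBH", 2, 1, 0))
IPV4_A = eth("020000000001", 0x0800, b"\x45" + bytes(19))
IPV4_B = eth("020000000002", 0x0800, b"\x45" + bytes(19))

def demo():
    port = Port()
    before = [port.ingress(EAPOL_START), port.ingress(IPV4_A)]
    port.on_auth_result(True)           # client A's credentials were accepted
    after = [port.ingress(IPV4_A), port.ingress(IPV4_B)]
    return before, after
```

`demo()` shows that the second client's IPv4 frame is forwarded after the first client authenticates, which is why this mode suits ports where only one client can connect at a time.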