802.1X: Port-Based Network Access Control

Full title: IEEE Standard for Local and metropolitan area networks–Port-Based Network Access Control

IEEE 802 LANs are deployed in networks that convey or provide access to critical data, that support mission critical applications, or that charge for service. Protocols that configure, manage, and regulate access to these networks and network-based services and applications typically run over the networks themselves. Port-based network access control regulates access to the network, guarding against transmission and reception by unidentified or unauthorized parties, and consequent network disruption, theft of service, or data loss.

Data frames are transmitted and received using the MAC Service specified in IEEE Std 802.1AC. Port-based network access control:

  • Uses the unsecured MAC Service provided by an end station or bridge port to support
    • A Controlled Port that provides secure access-controlled communication, and
    • An Uncontrolled Port used by authentication and key management protocols to initiate secure Controlled Port communication.
  • Requires mutual authentication of peer systems that wish to communicate through their Controlled Ports, specifying the use of the Extensible Authentication Protocol (EAP, RFC 3748) and its encapsulation over LANs (EAPOL).
  • Specifies the MACsec Key Agreement (MKA) protocol, supporting the use of IEEE Std 802.1AE MAC Security to cryptographically protect Controlled Port communication.

Current Status

Standard Available free from the IEEE Get Program
Status Approved February 2nd 2010, Published 5th February 2010.
Amendments 802.1Xbx–2014
P802.1Xck(Active Project)
Editor Mick Seaman
Sidebar