802.1X: Port-Based Network Access Control

Full title: IEEE Standard for Local and metropolitan area networks–Port-Based Network Access Control

IEEE 802 LANs are deployed in networks that convey or provide access to critical data, that support mission critical applications, or that charge for service. Protocols that configure, manage, and regulate access to these networks and network-based services and applications typically run over the networks themselves. Port-based network access control regulates access to the network, guarding against transmission and reception by unidentified or unauthorized parties, and consequent network disruption, theft of service, or data loss.

Data frames are transmitted and received using the MAC Service specified in IEEE Std 802.1AC. Port-based network access control:

  • Uses the unsecured MAC Service provided by an end station or bridge port to support
    • A Controlled Port that provides secure access-controlled communication, and
    • An Uncontrolled Port used by authentication and key management protocols to initiate secure Controlled Port communication.
  • Requires mutual authentication of peer systems that wish to communicate through their Controlled Ports, specifying the use of the Extensible Authentication Protocol (EAP, RFC 3748) and its encapsulation over LANs (EAPOL).
  • Specifies the MACsec Key Agreement (MKA) protocol, supporting the use of IEEE Std 802.1AE MAC Security to cryptographically protect Controlled Port communication.
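The split between the two ports can be sketched as a receive-side classifier. This is an added example, not text or code from the standard: the Port class, its authorized flag (standing in for the outcome of authentication) and the sample frames are hypothetical and constructed, and the model ignores MACsec and the standard's state machines. The EAPOL EtherType 0x888E, the 4-byte EAPOL header layout, and the packet type numbers are the only protocol details assumed.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType carried by EAPOL frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key", 5: "MKA"}


def parse_eapol(payload):
    """Parse the 4-byte EAPOL header: version, packet type, body length."""
    if len(payload) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", payload[:4])
    # Ethernet padding may follow the body, so only a short body is an error.
    if len(payload) - 4 < length:
        raise ValueError("EAPOL body shorter than declared length")
    return version, EAPOL_TYPES.get(ptype, "type-%d" % ptype), payload[4:4 + length]


class Port:
    """Hypothetical, simplified model of one access-controlled port."""

    def __init__(self):
        self.authorized = False  # Controlled Port starts closed

    def receive(self, frame):
        """Return (port, detail) describing where a received frame goes."""
        if len(frame) < 14:
            return ("dropped", "runt frame")
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            # Authentication and key management traffic always reaches the
            # Uncontrolled Port, whatever the authorization state.
            try:
                _, name, _ = parse_eapol(frame[14:])
            except ValueError as exc:
                return ("dropped", str(exc))
            return ("uncontrolled", name)
        if self.authorized:
            return ("controlled", "delivered")
        return ("dropped", "controlled port unauthorized")


def build_frame(ethertype, payload):
    """Build a constructed Ethernet frame with sample addresses."""
    dst = bytes.fromhex("0180c2000003")  # PAE group address
    src = bytes.fromhex("020000000001")  # constructed, locally administered
    return dst + src + struct.pack("!H", ethertype) + payload
```

Before authorization only EAPOL frames are accepted, and they go to the Uncontrolled Port; all other traffic is dropped until the flag is set.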

IEEE 802.1 Security Task Group projects and related standards.

Current Status

Standard: IEEE Std 802.1X-2020
Status: Available free from the IEEE Get Program.
Editor: Mick Seaman

Project History

Project: Revision of IEEE Std 802.1X-2010 and amendments
Editor: Mick Seaman
Supersedes:
  • 802.1X-2010: Port-Based Network Access Control
  • 802.1Xbx-2014: MKA Extensions
  • 802.1Xck-2014: YANG Data Model