802.1X

802.1X provides a robust security framework for networks. It prevents unauthorized access by requiring each user or device to be authenticated before gaining network access.

The protocol supports a variety of authentication methods and is scalable to large networks

The main components of 802.1X are the supplicant (client device), the authenticator (network device, such as a switch or wireless access point), and the authentication server (typically a RADIUS server).

The Authenticator allows or denies network access to the supplicant based on the response received from the authentication server. The client credentials can be a username and password or a digital certificate.

The authenticator does not need to have knowledge of the authentication method (PEAP, EAP-TLS, etc). The authentication messages are tunneled to the authentication server over the RADIUS Protocol.

MAC-based vs port-based authentication