IEEE Standard 802.1x-2001 was approved by both the Institute of Electrical and Electronics Engineers (IEEE) and the American National Standards Institute (ANSI) in 2001. It provides port-based network access control for local and metropolitan area networks:
This standard defines a mechanism for Port-based network access control that makes use of the physical access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails (IEEE, 2001, p. iii).
Why would a network security administrator want to implement port-based authentication? Securing network borders is no longer confined to placing a firewall between the Internet and the local network. Network borders now include publicly-accessible Ethernet ports and wireless networks. Simple segmentation or a VLAN for such ports can impede a valid user's networking capabilities. A method was thus needed to securely authenticate users on a per-port basis. Once authentication can be established, a network administrator can be very flexible in how he/she handles authenticated and unauthenticated users. One scenario may be at a university. The library has publicly-accessible Ethernet ports and allows Internet-only access for (unauthenticated) guests, but authenticated users will still have access to servers and other local resources. Another scenario is a company that has an 802.11b wireless LAN. It does not want any information leaked to the public, so unauthenticated users will not be granted any access. Port-based authentication gives the network security administrator flexibility in securing the internal network.
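The two scenarios above describe one mechanism with two failure policies: the port forwards only EAPOL (EtherType 0x888E) until the supplicant authenticates, and what happens on failure is an administrative choice (guest VLAN for the library, no access for the corporate WLAN). The following toy authenticator model is an added example, not code from the paper or from any switch vendor; the credential table, VLAN numbers and frames are constructed for illustration, and the EAP exchange is collapsed to a single identity/password check against a stand-in backend.

```python
"""Toy model of an IEEE 802.1X authenticator port (added example).

The uncontrolled port passes only EAPOL frames; the controlled port stays
blocked until the backend reports success.  On failure, per-port policy
decides between a guest VLAN and no access at all.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional

EAPOL_ETHERTYPE = 0x888E  # EtherType carried by EAPOL frames (IEEE 802.1X)
IPV4_ETHERTYPE = 0x0800   # ordinary data traffic, used here for the demo


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"


class FailurePolicy(Enum):
    DENY = "deny"            # corporate WLAN scenario: no access at all
    GUEST_VLAN = "guest"     # library scenario: Internet-only guest VLAN


@dataclass
class Frame:
    ethertype: int
    payload: bytes = b""


@dataclass
class PortAuthenticator:
    """One physical port with an uncontrolled and a controlled side."""
    failure_policy: FailurePolicy
    backend: Dict[str, str]          # constructed identity -> password table
    user_vlan: int = 10              # assumed VLAN for authenticated users
    guest_vlan: int = 99             # assumed Internet-only guest VLAN
    state: PortState = PortState.UNAUTHORIZED
    vlan: Optional[int] = None

    def forward(self, frame: Frame) -> bool:
        """Decide whether a frame arriving on this port is forwarded."""
        # Uncontrolled port: EAPOL always passes so authentication can run.
        if frame.ethertype == EAPOL_ETHERTYPE:
            return True
        # Controlled port: open only after a successful authentication ...
        if self.state is PortState.AUTHORIZED:
            return True
        # ... or, under the guest policy, open into the restricted guest VLAN.
        return self.vlan == self.guest_vlan

    def authenticate(self, identity: str, password: str) -> PortState:
        """Collapsed EAP exchange: identity plus credential checked by backend."""
        if self.backend.get(identity) == password:
            self.state = PortState.AUTHORIZED
            self.vlan = self.user_vlan
        else:
            self.state = PortState.UNAUTHORIZED
            self.vlan = (self.guest_vlan
                         if self.failure_policy is FailurePolicy.GUEST_VLAN
                         else None)
        return self.state


def demo() -> Dict[str, bool]:
    """Run both scenarios and report forwarding decisions for IP traffic."""
    backend = {"alice": "correct horse battery staple"}  # constructed
    library = PortAuthenticator(FailurePolicy.GUEST_VLAN, backend)
    wlan = PortAuthenticator(FailurePolicy.DENY, backend)
    results = {
        "library_ip_before_auth": library.forward(Frame(IPV4_ETHERTYPE)),
        "library_eapol_before_auth": library.forward(Frame(EAPOL_ETHERTYPE)),
    }
    library.authenticate("visitor", "guess")        # fails -> guest VLAN
    results["library_guest_ip"] = library.forward(Frame(IPV4_ETHERTYPE))
    wlan.authenticate("visitor", "guess")           # fails -> blocked
    results["wlan_failed_ip"] = wlan.forward(Frame(IPV4_ETHERTYPE))
    wlan.authenticate("alice", "correct horse battery staple")
    results["wlan_alice_ip"] = wlan.forward(Frame(IPV4_ETHERTYPE))
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'forward' if allowed else 'drop'}")
```

The point to take from the model is that the authentication step is identical in both scenarios; only the action on failure differs, which is exactly the flexibility the text attributes to port-based authentication. A real authenticator also re-authenticates periodically and drops the session when the link goes down, which this toy omits.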