IEEE 802.1X is a standard for port-based access control. It provides an
authentication mechanism for devices on a Local Area Network (LAN) or
Wireless Local Area Network (WLAN).
IEEE 802.1X authentication involves three parties: a supplicant, an authenticator and
an authentication server.
A supplicant is the client/end-user device (station device) that tries to get
authenticated by submitting credentials such as a username, password and digital
certificates to an access point (authenticator). For example: a laptop, a mobile phone
or the ATWINC (in Station mode).
An authenticator is a network access device that collects the authentication
credentials from the supplicant, encrypts the credentials and relays them to the
authentication server for verification. For example: an Ethernet switch or a wireless
access point.
An authentication server is a network server that validates the credentials sent by
the supplicant against the information stored in its database and determines whether to
allow or prevent network access for the supplicant. An authentication server is
typically a host running software that supports the Remote Authentication Dial-In User
Service (RADIUS) and Extensible Authentication Protocol (EAP) protocols.
The authentication server guards the network and does not allow the supplicant
network access unless the supplicant's identity is validated and authorized.
Figure 1-1. IEEE 802.1X Authentication Mechanism
The authenticator encrypts the credentials and forwards them to the authentication
server. If the authentication server determines the credentials to be valid, the
supplicant is allowed to access the network ports.
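The port-based control described above, as an added example (not code from the ATWINC documentation or driver): a simplified C model of a wired authenticator port that keeps data traffic blocked until the authentication server accepts the supplicant. The type and function names and the sample frames are assumptions made for illustration; the EtherType, EAPOL packet type and RADIUS codes are the standard values.

```c
#include <stddef.h>
#include <stdint.h>

#define ETHERTYPE_EAPOL      0x888E /* EtherType of EAP over LAN (EAPOL) frames */
#define EAPOL_TYPE_LOGOFF    2      /* EAPOL packet type: supplicant logs off */
#define RADIUS_ACCESS_ACCEPT 2      /* RADIUS code: credentials accepted */
#define RADIUS_ACCESS_REJECT 3      /* RADIUS code: credentials rejected */

typedef enum { PORT_UNAUTHORIZED, PORT_AUTHORIZED } port_state_t;
typedef enum { FRAME_DROP, FRAME_AUTH, FRAME_FORWARD } verdict_t;
typedef struct { port_state_t state; } auth_port_t; /* hypothetical model type */

/* Constructed sample frames: zeroed MAC addresses, EtherType at offset 12. */
const uint8_t SAMPLE_IPV4[18]   = { [12] = 0x08, [13] = 0x00, [14] = 0x45 };
const uint8_t SAMPLE_EAP[18]    = { [12] = 0x88, [13] = 0x8E, [14] = 0x02, [15] = 0x00 };
const uint8_t SAMPLE_LOGOFF[18] = { [12] = 0x88, [13] = 0x8E, [14] = 0x02, [15] = 0x02 };

/* A port starts closed: nothing is known about the supplicant yet. */
void port_init(auth_port_t *p) { p->state = PORT_UNAUTHORIZED; }

/* Apply the authentication server's decision; anything but Accept closes the port. */
void port_on_server_reply(auth_port_t *p, uint8_t radius_code)
{
    p->state = (radius_code == RADIUS_ACCESS_ACCEPT) ? PORT_AUTHORIZED
                                                     : PORT_UNAUTHORIZED;
}

/* Decide what the authenticator does with one Ethernet frame from the supplicant. */
verdict_t port_on_frame(auth_port_t *p, const uint8_t *frame, size_t len)
{
    if (len < 14)                       /* shorter than an Ethernet header */
        return FRAME_DROP;
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype != ETHERTYPE_EAPOL)   /* data traffic: only on an open port */
        return (p->state == PORT_AUTHORIZED) ? FRAME_FORWARD : FRAME_DROP;
    if (len < 18)                       /* EAPOL header: version, type, 2-byte length */
        return FRAME_DROP;
    if (frame[15] == EAPOL_TYPE_LOGOFF) /* supplicant left: close the port again */
        p->state = PORT_UNAUTHORIZED;
    return FRAME_AUTH;                  /* handed to the authentication exchange */
}
```

EAPOL frames are accepted in either port state because they carry the authentication exchange itself; every other frame depends on the server's last decision.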