1.1 IEEE® 802.1X
The IEEE 802.1X is a standard for port-based access control. It provides an authentication mechanism for the devices which are on a Local Area Network (LAN) or Wireless Local Area Network (WLAN).
The IEEE 802.1X authentication involves three parties: a supplicant, an authenticator and an authentication server.
- A supplicant is the client/end user device (station device) which tries to get authenticated by submitting the credentials such as username, password and digital certificates to an access point (authenticator). For example: a laptop, a mobile phone or the ATWINC (in the Station mode).
- An authenticator is a network access device which collects the authentication credentials from the supplicant, encrypts the credentials and relays those credentials to the authentication server for verification. For example: Ethernet switch or wireless access point.
- An authentication server is a network server which validates the credentials sent by the supplicant based on the information stored in its database and determines whether to allow or prevent network access to the supplicant. An authentication server is typically a host running software supporting the Remote Authentication Dial-In User Service (RADIUS) and Extensible Authentication Protocol (EAP) protocols.
The authentication server guards to protect the network and does not allow the supplicant
for the network access unless supplicant identity is validated and authorized.
The authenticator encrypts the credentials to forward to the authentication server. If an authentication server determines the credentials to be valid, the supplicant is allowed to access the network ports.