IEEE Std 802.1X-2020 pdf free download

IEEE Std 802.1X-2020 pdf free download.IEEE Standard for Local and Metropolitan Area Networks Port-Based Network Access Control.
All three roles are necessary to an EAP authentication exchange. The Authenticator and an Authentication Server can be co-located within the same system. allowing that system to perform the authentication function without the need ft)r communication with an external server. However most port-based network access control applications use a separate Authentication Server, to allow centralized administration of authorized parties and their credentials for Authenticators throughout a network. Protocol exchanges between the Authenticator PAE and the Authentication Server (if the server is not co-located with the Authenticator PAE) can be conducted via one or more of the system’s Controlled or Uncontrolled Ports.
NOTE 2—Communication between Authenticator and Authentication Server is outside the scope of this standard, hut typically uses an authentication protocol carried over appropriate higher layer protocols; e.g., EAP in RADIUS. Hence, the Authentication Server can be located outside of the confines of the LAN that supports the protocol exchanges between Supplicant and Authenticator, and the communication to the server need not be subject to the authentication state of the systems concerned. If a Controlled Port is used to achieve communication with the Authentication Server, protocol exchanges can only take place if the Controlled Port is in the authorized state.
The asymmetry in some port-based network access control applications defines appropriate system roles, for example a mobile personal computer that attaches to a network is a Supplicant and the port that supports its attachment an Authenticator. Other applications. e.g. securing the connection between two bridges in the core of a network, lack this natural asymmetry, A system may implement and enable both Authenticator and Supplicant state machines to support such applications, with the attendant possibility that two separate authentication exchanges will complete. The PAE uses MKA (sec 6.3.2) to ensure that communicating peers agree on the use of authentication results: each of the cryptographic keys that it uses (and the authorization data bound to that key) is derived from the result of a single exchange. By itself EAP (supported by PACP) lacks the capability to agree that the results of a particular exchange arc to be used, or indeed to confirm that the communicating peers both believe the same exchange has completed, and should not be used without MKA in applications where a single port requires simultaneous Authenticator and Supplicant functionality. However, if MACsec is not used further keys arc not required, so communication can and should proceed if either the Supplicant or the Authenticator authenticates successfully and MKA is not available.IEEE Std 802.1X-2020 pdf free download.