Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Desktop virtualization cheat sheet
•	IBM cat brain simulation dismissed as 'hoax' by rival scientist
•	Microsoft issues security advisory on IE exploit, patch in works
•	Cisco pedigree wins over VCs
•	Google Chrome: Redefining end user computing
•	De-Worm Your iPhone
•	Microsoft begins paving path for IT, cloud integration
•	Ciena will pay $769M for Nortel's metro Ethernet business
•	Malware enlists jailbroken iPhones for botnet
•	Check Point tackles Web 2.0 apps and social-site widget control
•	Cisco's free iPhone app grabs security feeds
•	New attack fells Internet Explorer
•	Global warming research exposed after hack
•	The broadband gap: Is FCC grabbing for the wrong tool?
•	IBM smartphone software translates 11 languages
•	More breaking news

LANs /

Securing the LAN, Part 2

Sign up to receive this and other networking newsletters in your inbox.

By Jeff Caruso
Network World High Speed LANs Newsletter, 02/14/01

Last week we started talking about IEEE 802.1x, which defines a way for users to authenticate themselves to a network. This week, let's talk more about how the mechanism works.

The standard being drafted gets some help from the IETF's RFC 2284, which specifies Extensible Authentication Protocol (EAP), a general protocol for authentication which supports multiple authentication mechanisms. IEEE 802.1x specifies how EAP should be encapsulated in LAN frames.

Here's how IEEE 802.1x would be used. You can also look at this PDF file to get the story with some nice diagrams, put together by Hewlett-Packard's Paul Congdon:

grouper.ieee.org/groups/802/1/mirror/8021/docs2000/P8021XOverview.PDF

A user initiates the conversation by requesting a connection through a wired Ethernet port or a wireless Ethernet access point. The switch (or bridge or access point) then requests the identity of the user, who then responds. The switch then turns around and tells a RADIUS authentication server elsewhere on the network that the user is requesting access. The server asks for proof of identity from the switch, which gets the proof from the user and sends it back to the server. If the server likes what it sees, it tells the switch so, which in turn grants the user access to network services.

Is this something that you are considering using? Let me know at jcaruso@nww.com.

RELATED LINKS

In addition to writing this newsletter, Jeff Caruso edits Network World's e-mail newsletters from his office on New York's Long Island. If you would like to make suggestions about newsletter format or content, or even just express your opinion on today's topic, you can reach Jeff at jcaruso@nww.com.

High Speed LANs archive
Past newsletters.

Cisco Web switches found to have security cracks
Network World, 02/12/01

Wireless LAN holes exposed
Network World, 02/12/01

Enterasys brings policy enforcement closer to users
Network World, 02/12/01

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.