IEEE 802.1X-2001

Specification of: (a) mechanisms to allow network access decisions, made using existing standard higher layer authentication and authorization protocols, to be enforced at individual ports of a networked system; (b) encoding of those protocols over 802 LANs where no suitable encoding is yet defined. The project will not define or require systems that are enforcing network access decisions to: (c) process or interpret authentication information; (d) modify user data frames to secure conversations; (e) filter user data frames based on layer 2 or higher layer adressing or protocol information. The access control mechanism will be usable on LAN ports of all types of systems attached to a LAN, including bridges, routers, servers and other end stations.

There is no standard mechanism that allows a network administrator to control access to and from a LAN segment based on the authenticated state of a port user. Simple network connectivity affords anonymous access to enterprise data and the global Internet. As 802 LANs are deployed in more accessible areas, there is an increasing need to authenticate and authorize basic network access. The proposed project will provide common interoperable solutions using standards based authentication and authorization infrastructures already supporting schemes such as dial up access.

New IEEE Standard - Superseded. This IEEE Standards product is part of the 802 family on LAN/MAN. Port-based network access control makes use of the physical access characteristics of IEEE 802 Local Area Networks (LAN) infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails.