Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

802.1X: So Much To Learn, So Little Time

802.1X is a relatively simple protocol once you understand how it works. It's all the moving parts like EAP, EAP Types, RADIUS, and RADIUS attributes, that get complicated. Sorting out how it all works and the shortcomings of 802.1X is well worth your time if you want to implement network access control.
Implementing 802.1X Security Solutions for Wired and Wireless Networks by Jim Geier (Wiley; 2008) is a 330-page book on the topic. The first five chapters explain how 802.1X and all its components works. The descriptions are functional and I found them very useful. Starting out in Chapter 2 (Chapter 1 is a networking primer that you can skip), Geier introduces us to the major components like supplicant, authenticator, authentication server, EAP, EAPOL, and Remote Authentication Dial-In User Service, or RADIUS, in an 802.1X deployment and explains their roles. If all you want is an overview of 802.1X, you can stop there.

Chapters 3, 4, and 5 dig into EAPOL, the protocol used to transmit EAP over the LAN; RADIUS, which transmits credentials to an authentication server; and EAP methods, which describe the individual authentication protocols. Those first four chapters create a solid foundation to begin to deploy 802.1X using any variety of products.

The latter half of the book is more implementation-focused and I think of less relative value unless you're running Cisco gear and a Juniper RADIUS server. Those are the two products he uses to illustrate his points. Interesting choices. The implementation chapters lacked the breadth of network equipment coverage that makes the chapters more universal. Certainly Cisco has the lion's share of access switches, but other access switches also are widely deployed and implement 802.1X features differently than Cisco. I would have gone with Microsoft's RADIUS server since it's free with Windows Server and works well in a Windows network. Reading the subsequent chapters does provide some insight into setting up a 802.1X-enabled network, but you should run a small pilot first to work out any kinks.

Geier isn't the only person hot on 802.1X. Jennifer Jabbusch's What is 802.1X? Here's a Technology Primer for You, is a pretty concise overview if you don't want to get into the nitty-gritty details that Geier's book covers. David Newman, while doing some access switch testing for Network World, dug into various implementations of NAC in hardware and wrote up the results on NAC/802.1X support in access switches, noting that it's all over the map. The results are astounding. Finally, there are changes in 802.1X being discussed in the IEEE. Jabbusch clues us in about 802.1X-REV.

Me? I think book-learning is great, but I need to see stuff in action. You can set-up an 802.1X pilot in a few hours with a Windows Server, IAS, Microsoft's RADIUS server, and an 802.1X-capable switch. Microsoft's white paper, Wired Networking with 802.1X Authentication, and your switch configuration guides should get you going.