The 802.1x standard is a security solution ratified by the IEEE in June 2001 which can authenticate (identify) a user who wants to access a network (whether wired or wireless). This is done through the use of an authentication server.
802.1x is based on the EAP protocol (Extensible Authentication Protocol), as defined by the IETF. This protocol is used for transporting user identification information.
The EAP protocol is centred around the use of an access controller called an authenticator, which either grants or denies a user access to the network. The user in this system is called a supplicant. The access controller is a basic firewall which acts as an intermediary between the user and an authentication server, and requires very few resources to function. For a wireless network, the access point acts as the authenticator.
The authentication server (sometimes called the NAS, for Network Authentication Service or Network Access Service) can approve the user's identity as transmitted by the network controller, and then grant the user access depending on his or her credentials. What's more, this type of server can store and keep track of information related to the users. In the case of a service provider, for example, these features allow the server to bill them based on how long they were connected or how much data they transferred.
The authentication server is most commonly a RADIUS server (Remote Authentication Dial-In User Service), a standard authentication server defined by RFC 2865 and 2866, but any other authentication service may be used instead.
The following is a summary of how a secure network using the 802.1x standard works:
Besides authenticating users, the 802.1x standard provides users with a secure way to exchange encryption keys, in order to improve overall security.