What Can You Do with 802.1X Network Access Control?
There are many ways to deploy a NAC, but the essentials are:
- Pre-admission control—Blocks unauthenticated messages.
- Device and user detection—Identifies users and devices with pre-defined credentials or machine IDs.
- Authentication and authorization—Verifies and provides access.
- Onboarding—Provisions a device with security, management, or host-checking software.
- Profiling—Scans endpoint devices.
- Policy enforcement—Applies role and permission-based access.
- Post-admission control—Enforces session termination and cleanup.
802.1X provides L2 access control by validating the user or device that is attempting to access a physical port.
How Does 802.1X Network Access Control Work?
The 802.1X NAC operation sequence is as follows:
1. Initiation—The authenticator (typically a switch) or supplicant (client device) sends a session initiation request. A supplicant sends an EAP-response message to the authenticator, which encapsulates the message and forwards it to the authentication server.
2. Authentication—Messages pass between the authentication server and the supplicant via the authenticator to validate several pieces of information.
3. Authorization—If the credentials are valid, the authentication server notifies the authenticator to give the supplicant access to the port.
4. Accounting—RADIUS accounting keeps session records including user and device details, session types, and service details.
5. Termination—Sessions are terminated by disconnecting the endpoint device, or by using management software.
Juniper Networks Implementation
The EX Series Ethernet Switch family is Juniper’s gateway in the campus and branch enterprise network. The EX Series provides extensive 802.1X and RADIUS support as well as several 802.1x enhancements. It expands the number of ways to deal with the incoming access requests, and by simplifying wide-scale deployment of network access control. Additionally, solutions offered by Juniper’s select vendors—Aruba Networks ClearPass Policy Management Platform and Pulse Secure—provide full-spectrum management of your network access control.