IEEE 802.1X-2004

$109.42

IEEE Standard for Local and metropolitan area networks – Port-Based Network Access Control

Published By	Publication Date	Number of Pages
IEEE	2004	179

Guaranteed Safe Checkout

Category: IEEE

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

Revision Standard – Superseded. Revision of IEEE Std 802.1X-2001 Port-based network access control makes use of the physical access characteristics of IEEE 802 Local Area Networks (LAN) infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails.

PDF Catalog

PDF Pages	PDF Title
1	IEEE Standard for Local and Metropolitan Area Networks—Port-Based Network Access Control
3	Title Page
5	Introduction Participants
8	CONTENTS
11	1. Overview 1.1 Scope 1.2 Purpose
13	2. References
16	3. Definitions 3.1 Terms defined in this standard
17	3.2 Terms defined in IEEE Std 802.1D 3.3 Terms defined in The Authoritative Dictionary of IEEE Standards Terms [B5]
18	4. Acronyms and abbreviations
19	5. Conformance 5.1 Requirements 5.2 Options
21	6. Principles of Port Access Control operation 6.1 Purpose of Port Access Control operation 6.2 Scope of Port Access Control operation
22	6.3 Systems, Ports, and system roles 6.4 Controlled and uncontrolled access
27	6.5 Reception and transmission control
28	6.6 Port Access Entity (PAE) 6.6.1 Authenticator role
29	6.6.2 Supplicant role 6.6.3 Port access restrictions
30	6.6.4 Logoff mechanisms 6.7 Coupling two EAPOL authentications
31	6.8 Use of Port Access Control with IEEE Std 802.3
33	7. EAP encapsulation over LANs (EAPOL) 7.1 Transmission and representation of octets 7.2 EAPOL MPDU format for use with IEEE 802.3/Ethernet
34	7.3 EAPOL MPDU format for use with IEEE 802.2 Logical Link Control (LLC) 7.4 Tagging EAPOL MPDUs 7.5 EAPOL MPDU field and parameter definitions 7.5.1 PAE Ethernet type 7.5.2 Subnetwork Access Protocol (SNAP)-encoded Ethernet type 7.5.3 Protocol version 7.5.4 Packet type
35	7.5.5 Packet Body length 7.5.6 Packet Body 7.5.7 Validation of received EAPOL MPDUs and EAPOL protocol version handling
37	7.6 Key Descriptor format 7.6.1 Descriptor type 7.6.2 Descriptor Body
38	7.6.3 RC4 Key Descriptor 7.6.3.1 Key length 7.6.3.2 Replay counter 7.6.3.3 Key IV 7.6.3.4 Key index
39	7.6.3.5 Key message digest 7.6.3.6 Key 7.6.3.7 Construction and interpretation of an RC4 Key Descriptor 7.6.4 IEEE 802.11 Key Descriptor Type
40	7.7 EAP packet format-informative 7.7.1 Code 7.7.2 Identifier 7.7.3 Length 7.7.4 Data
41	7.8 EAPOL addressing
42	7.9 Use of EAPOL in shared media LANs
43	8. Port Access Control Protocol 8.1 Introduction to protocol operation 8.1.1 Overview
44	8.1.2 Authentication initiation
45	8.1.2.1 Authenticator initiation 8.1.2.2 Supplicant initiation 8.1.3 EAPOL-Logoff 8.1.4 Timing out authorization state information
46	8.1.5 Retransmission 8.1.6 Migration considerations
47	8.1.7 Relaying EAP frames 8.1.8 Example EAP exchanges
50	8.1.9 Transmission of key information
51	8.2 PACP state machines
52	8.2.1 Notational conventions used in state diagrams
54	8.2.2 Timers and global variables used in the definition of the state machines 8.2.2.1 Timers
55	8.2.2.2 Global variables
57	8.2.3 Port Timers state machine
58	8.2.3.1 Variables used in the definition of the Port Timers state machine 8.2.3.1.1 Variables 8.2.4 Authenticator PAE state machine 8.2.4.1 Variables, constants, and procedures used in the definition of the Authenticator PAE state machine 8.2.4.1.1 Variables
60	8.2.4.1.2 Constants 8.2.4.1.3 Procedures 8.2.4.2 Counters maintained by the Authenticator PAE state machine 8.2.4.2.1 authEntersConnecting
61	8.2.4.2.2 authEapLogoffsWhileConnecting 8.2.4.2.3 authEntersAuthenticating 8.2.4.2.4 authAuthSuccessesWhileAuthenticating 8.2.4.2.5 authAuthTimeoutsWhileAuthenticating 8.2.4.2.6 authAuthFailWhileAuthenticating 8.2.4.2.7 authAuthEapStartsWhileAuthenticating 8.2.4.2.8 authAuthEapLogoffWhileAuthenticating 8.2.4.2.9 authAuthReauthsWhileAuthenticated 8.2.4.2.10 authAuthEapStartsWhileAuthenticated 8.2.4.2.11 authAuthEapLogoffWhileAuthenticated
62	8.2.4.3 INITIALIZE 8.2.4.4 DISCONNECTED 8.2.4.5 RESTART 8.2.4.6 CONNECTING
63	8.2.4.7 AUTHENTICATING 8.2.4.8 AUTHENTICATED 8.2.4.9 ABORTING 8.2.4.10 HELD
64	8.2.4.11 FORCE_AUTH 8.2.4.12 FORCE_UNAUTH 8.2.5 Authenticatior Key Transmit state machine
65	8.2.5.1 Variables, constants, and procedures used in the definition of the Authenticator Key Transmit state machine 8.2.5.1.1 Procedures 8.2.6 Supplicant Key Transmit state machine
66	8.2.6.1 Variables, constants, and procedures used in the definition of the Supplicant Key Transmit state machine 8.2.6.1.1 Variables 8.2.6.1.2 Constants 8.2.6.1.3 Procedures
67	8.2.7 Key Receive state machine 8.2.7.1 Variables and procedures used in the definition of the Key Receive state machine 8.2.7.1.1 Variables 8.2.7.1.2 Procedures 8.2.8 Reauthentication Timer state machine
68	8.2.8.1 Constants used in the definition of the Reauthentication Timer state machine 8.2.9 Backend Authentication state machine 8.2.9.1 Variables, constants, and procedures used in the definition of the Backend Authentication state machine 8.2.9.1.1 Variables
70	8.2.9.1.2 Constants 8.2.9.1.3 Procedures 8.2.9.2 Counters maintained by the Backend Authentication state machine 8.2.9.2.1 backendResponses 8.2.9.2.2 backendAccessChallenges 8.2.9.2.3 backendOtherRequestsToSupplicant
71	8.2.9.2.4 backendAuthSuccesses 8.2.9.2.5 backendAuthFails 8.2.9.3 REQUEST 8.2.9.4 RESPONSE
72	8.2.9.5 SUCCESS 8.2.9.6 FAIL 8.2.9.7 TIMEOUT 8.2.9.8 IDLE 8.2.9.9 INITIALIZE
73	8.2.9.10 IGNORE 8.2.10 Controlled Directions state machine
74	8.2.10.1 Variables used in the definition of the Controlled Directions state machine 8.2.11 Supplicant PAE state machine
76	8.2.11.1 Variables, constants, and procedures used in the definition of the Supplicant PAE state machine 8.2.11.1.1 Variables 8.2.11.1.2 Constants 8.2.11.1.3 Procedures 8.2.11.2 LOGOFF
77	8.2.11.3 DISCONNECTED 8.2.11.4 CONNECTING 8.2.11.5 AUTHENTICATING 8.2.11.6 HELD 8.2.11.7 AUTHENTICATED
78	8.2.11.8 RESTART 8.2.11.9 S_FORCE_AUTH 8.2.11.10 S_FORCE_UNAUTH 8.2.12 Supplicant Backend state machine
80	8.2.12.1 Variables, constants, and procedures used in the definition of the Supplicant Backend state machine 8.2.12.1.1 Variables 8.2.12.1.2 Constants 8.2.12.1.3 Procedures 8.2.12.2 REQUEST
81	8.2.12.3 RESPONSE 8.2.12.4 SUCCESS 8.2.12.5 FAIL 8.2.12.6 TIMEOUT 8.2.12.7 IDLE 8.2.12.8 INITIALIZE 8.2.12.9 RECEIVE
82	9. Management of Port Access Control 9.1 Management functions 9.1.1 Configuration Management 9.1.2 Fault Management
83	9.1.3 Performance Management 9.1.4 Security Management 9.1.5 Accounting Management 9.2 Managed objects
84	9.3 Data types 9.4 Authenticator PAE managed objects 9.4.1 Authenticator Configuration
85	9.4.1.1 Read Authenticator Configuration 9.4.1.1.1 Purpose 9.4.1.1.2 Inputs 9.4.1.1.3 Outputs
86	9.4.1.2 Set Authenticator Configuration 9.4.1.2.1 Purpose 9.4.1.2.2 Inputs
87	9.4.1.2.3 Outputs 9.4.1.3 Reauthenticate 9.4.1.3.1 Purpose 9.4.1.3.2 Inputs 9.4.1.3.3 Outputs 9.4.1.3.4 Effect
88	9.4.2 Authenticator Statistics 9.4.2.1 Read Authenticator Statistics 9.4.2.1.1 Purpose 9.4.2.1.2 Inputs 9.4.2.1.3 Outputs
89	9.4.3 Authenticator Diagnostics 9.4.3.1 Read Authenticator Diagnostics 9.4.3.1.1 Purpose 9.4.3.1.2 Inputs 9.4.3.1.3 Outputs
90	9.4.4 Authenticator Session Statistics 9.4.4.1 Read Authenticator Session Statistics 9.4.4.1.1 Purpose 9.4.4.1.2 Inputs 9.4.4.1.3 Outputs
91	9.5 Supplicant PAE managed objects 9.5.1 Supplicant Configuration
92	9.5.1.1 Read Supplicant Status 9.5.1.1.1 Purpose 9.5.1.1.2 Inputs 9.5.1.1.3 Outputs
93	9.5.1.2 Set Supplicant Configuration 9.5.1.2.1 Purpose 9.5.1.2.2 Inputs
94	9.5.1.2.3 Outputs 9.5.2 Supplicant Statistics 9.5.2.1 Read Supplicant Statistics 9.5.2.1.1 Purpose 9.5.2.1.2 Inputs 9.5.2.1.3 Outputs
95	9.6 System managed objects 9.6.1 System Configuration 9.6.1.1 Read System Configuration 9.6.1.1.1 Purpose 9.6.1.1.2 Inputs 9.6.1.1.3 Outputs
96	9.6.1.2 Set System Configuration 9.6.1.2.1 Purpose 9.6.1.2.2 Inputs 9.6.1.2.3 Outputs 9.6.1.3 Initialize Port 9.6.1.3.1 Purpose 9.6.1.3.2 Inputs 9.6.1.3.3 Outputs 9.6.1.3.4 Effect
97	10. Management protocol 10.1 Introduction 10.2 The Internet-Standard Management Framework 10.3 Security considerations 10.4 Structure of the MIB 10.4.1 Relationship to the managed objects defined in Clause 9
100	10.4.2 The PAE System Group
101	10.4.3 The PAE Authenticator Group 10.4.4 The PAE Supplicant Group 10.5 Relationship to other MIBs 10.5.1 Relationship to the Interfaces MIB
102	10.6 Definitions for Port Access Control MIB
138	Annex A (normative)—PICS Proforma
146	Annex B (informative)—Scenarios for the use of Port-Based Network Access Control
150	Annex C (informative) —Design considerations and background material for Port-Based Network Access Control
157	Annex D (informative)— IEEE 802.1X RADIUS Usage Guidelines
175	Annex E (informative)— PAE state machine interface with higher layers: EAP and AAA
179	Annex F (informative)—Bibliography

Additional information

Standard Title	IEEE Standard for Local and metropolitan area networks – Port-Based Network Access Control
Published Code	IEEE
Publication Date	2004
Pages Count	179

Preview PDF


PDF Format	Searchable	Printable	Preview Now

IEEE 802.1X-2004

PDF Catalog

Related products