{"id":400732,"date":"2024-10-20T04:52:06","date_gmt":"2024-10-20T04:52:06","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/ieee-8802-1x-2021\/"},"modified":"2024-10-26T08:39:43","modified_gmt":"2024-10-26T08:39:43","slug":"ieee-8802-1x-2021","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/ieee\/ieee-8802-1x-2021\/","title":{"rendered":"IEEE 8802-1X-2021"},"content":{"rendered":"

Adoption Standard – Active. Port-based network access control allows a network administrator to restrict the use of IEEE 802(R) LAN service access points (ports) to secure communication between authenticated and authorized devices. This standard specifies a common architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and that secure communication between the ports, including the media access method independent protocols that are used to discover and establish the security associations used by IEEE 802.1AE(TM) MAC Security.<\/p>\n

PDF Catalog<\/h4>\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
4<\/td>\nBlank Page <\/td>\n<\/tr>\n
5<\/td>\nTitle page <\/td>\n<\/tr>\n
7<\/td>\nImportant Notices and Disclaimers Concerning IEEE Standards Documents <\/td>\n<\/tr>\n
10<\/td>\nParticipants <\/td>\n<\/tr>\n
12<\/td>\nIntroduction <\/td>\n<\/tr>\n
13<\/td>\nContents <\/td>\n<\/tr>\n
17<\/td>\nFigures <\/td>\n<\/tr>\n
19<\/td>\nTables <\/td>\n<\/tr>\n
20<\/td>\n1. Overview
1.1 Scope
1.2 Purpose
1.3 Introduction <\/td>\n<\/tr>\n
21<\/td>\n1.4 Provisions of this standard <\/td>\n<\/tr>\n
23<\/td>\n2. Normative references <\/td>\n<\/tr>\n
25<\/td>\n3. Definitions <\/td>\n<\/tr>\n
30<\/td>\n4. Acronyms and abbreviations <\/td>\n<\/tr>\n
32<\/td>\n5. Conformance
5.1 Requirements terminology
5.2 Protocol Implementation Conformance Statement <\/td>\n<\/tr>\n
33<\/td>\n5.3 Conformant systems and system components
5.4 PAE requirements <\/td>\n<\/tr>\n
34<\/td>\n5.5 PAE options
5.6 Supplicant requirements
5.7 Supplicant options
5.7.1 Integration with IEEE Std 802.1AR
5.8 Authenticator requirements
5.9 Authenticator options <\/td>\n<\/tr>\n
35<\/td>\n5.9.1 Integration with IEEE Std 802.1AR
5.10 MKA requirements
5.11 MKA options
5.11.1 Support for PSKs
5.11.2 Key Server support for Group CAs <\/td>\n<\/tr>\n
36<\/td>\n5.11.3 CAK Cache
5.11.4 In-service upgrades
5.12 Virtual port requirements <\/td>\n<\/tr>\n
37<\/td>\n5.13 Virtual port options
5.14 Announcement transmission requirements
5.15 Announcement transmission options
5.16 Announcement reception requirements
5.17 Announcement reception options <\/td>\n<\/tr>\n
38<\/td>\n5.18 Requirements for SNMP access to the PAE MIB
5.19 Options for SNMP access to the PAE MIB
5.20 PAC requirements
5.21 System recommendations
5.22 Prohibitions
5.23 Requirement for YANG data model of a PAE
5.24 Options for YANG data model of a PAE <\/td>\n<\/tr>\n
40<\/td>\n6. Principles of port-based network access control operation <\/td>\n<\/tr>\n
41<\/td>\n6.1 Port-based network access control architecture <\/td>\n<\/tr>\n
42<\/td>\n6.2 Key hierarchy <\/td>\n<\/tr>\n
44<\/td>\n6.2.1 Key derivation function (KDF) <\/td>\n<\/tr>\n
45<\/td>\n6.2.2 Using EAP for CAK key derivation <\/td>\n<\/tr>\n
46<\/td>\n6.2.3 CAK caching and scope
6.2.4 Algorithm agility <\/td>\n<\/tr>\n
47<\/td>\n6.3 Port Access Entity (PAE)
6.3.1 Authentication exchanges <\/td>\n<\/tr>\n
48<\/td>\n6.3.2 Key agreement
6.3.3 Pre-shared keys
6.3.4 Interoperability and connectivity <\/td>\n<\/tr>\n
49<\/td>\n6.3.5 Network announcements, identity, authentication requirements, and status <\/td>\n<\/tr>\n
50<\/td>\n6.3.6 Multi-access LANs
6.4 Port Access Controller (PAC) <\/td>\n<\/tr>\n
51<\/td>\n6.4.1 Uncontrolled Port transmission and reception
6.4.2 Controlled Port transmission and reception <\/td>\n<\/tr>\n
52<\/td>\n6.4.3 PAC management
6.5 Link aggregation <\/td>\n<\/tr>\n
53<\/td>\n6.6 Use of this standard by IEEE Std 802.11 <\/td>\n<\/tr>\n
54<\/td>\n7. Port-based network access control applications
7.1 Host access with physically secure LANs <\/td>\n<\/tr>\n
55<\/td>\n7.1.1 Assumptions and requirements
7.1.2 System configuration and operation <\/td>\n<\/tr>\n
56<\/td>\n7.1.3 Connectivity to unauthenticated systems <\/td>\n<\/tr>\n
57<\/td>\n7.2 Infrastructure support with physically secure LANs <\/td>\n<\/tr>\n
58<\/td>\n7.2.1 Assumptions and requirements <\/td>\n<\/tr>\n
59<\/td>\n7.2.2 System configuration and operation
7.3 Host access with MACsec and point-to-point LANs
7.3.1 Assumptions and requirements <\/td>\n<\/tr>\n
60<\/td>\n7.3.2 System configuration and operation
7.3.3 Connectivity to unauthenticated systems
7.4 Use with MACsec to support infrastructure LANs <\/td>\n<\/tr>\n
61<\/td>\n7.4.1 Assumptions and requirements <\/td>\n<\/tr>\n
62<\/td>\n7.4.2 System configuration and operation
7.4.3 Connectivity to unauthenticated systems
7.5 Host access with MACsec and a multi-access LAN <\/td>\n<\/tr>\n
63<\/td>\n7.5.1 Assumptions and requirements
7.5.2 System configuration and operation <\/td>\n<\/tr>\n
64<\/td>\n7.5.3 Connectivity to unauthenticated systems <\/td>\n<\/tr>\n
65<\/td>\n7.6 Group host access with MACsec <\/td>\n<\/tr>\n
66<\/td>\n7.6.1 Assumptions and requirements
7.6.2 System configuration and operation
7.7 Use with MACsec to support virtual shared media infrastructure LANs
7.7.1 Assumptions and requirements <\/td>\n<\/tr>\n
67<\/td>\n7.7.2 System configuration and operation <\/td>\n<\/tr>\n
69<\/td>\n8. Authentication using EAP <\/td>\n<\/tr>\n
70<\/td>\n8.1 PACP Overview <\/td>\n<\/tr>\n
71<\/td>\n8.2 Example EAP exchanges <\/td>\n<\/tr>\n
72<\/td>\n8.3 PAE higher layer interface <\/td>\n<\/tr>\n
73<\/td>\n8.4 PAE Client interface <\/td>\n<\/tr>\n
75<\/td>\n8.5 EAPOL transmit and receive
8.6 Supplicant and Authenticator PAE timers <\/td>\n<\/tr>\n
76<\/td>\n8.7 Supplicant PACP state machine, variables, and procedures
8.8 Supplicant PAE counters <\/td>\n<\/tr>\n
77<\/td>\n8.9 Authenticator PACP state machine, variables, and procedures <\/td>\n<\/tr>\n
78<\/td>\n8.10 Authenticator PAE counters <\/td>\n<\/tr>\n
79<\/td>\n8.11 EAP methods
8.11.1 MKA and EAP methods <\/td>\n<\/tr>\n
80<\/td>\n8.11.2 Integration with IEEE Std 802.1AR and EAP methods <\/td>\n<\/tr>\n
81<\/td>\n9. MACsec Key Agreement protocol (MKA) <\/td>\n<\/tr>\n
82<\/td>\n9.1 Protocol design requirements <\/td>\n<\/tr>\n
83<\/td>\n9.2 Protocol support requirements
9.2.1 Random number generation
9.2.2 SC identification
9.3 MKA key hierarchy <\/td>\n<\/tr>\n
84<\/td>\n9.3.1 CAK identification
9.3.2 CAK Independence
9.3.3 Derived keys <\/td>\n<\/tr>\n
86<\/td>\n9.4 MKA transport
9.4.1 Message authentication <\/td>\n<\/tr>\n
87<\/td>\n9.4.2 Member identification and message numbers
9.4.3 Determining liveness <\/td>\n<\/tr>\n
88<\/td>\n9.4.4 MKPDU information elements and application data
9.4.5 Addressing
9.4.6 Active and passive participants <\/td>\n<\/tr>\n
89<\/td>\n9.5 Key server election <\/td>\n<\/tr>\n
90<\/td>\n9.5.1 MKPDU application data
9.6 Use of MACsec <\/td>\n<\/tr>\n
91<\/td>\n9.6.1 MKPDU application data
9.7 Cipher suite selection
9.7.1 MKPDU application data <\/td>\n<\/tr>\n
92<\/td>\n9.8 SAK generation, distribution, and selection <\/td>\n<\/tr>\n
93<\/td>\n9.8.1 SAK generation
9.8.2 Use of AES Key Wrap <\/td>\n<\/tr>\n
94<\/td>\n9.8.3 MKPDU application data
9.9 SA assignment
9.9.1 MKPDU application data
9.10 SAK installation and use <\/td>\n<\/tr>\n
95<\/td>\n9.10.1 MKPDU application data <\/td>\n<\/tr>\n
96<\/td>\n9.11 Connectivity change detection
9.12 CA formation and group CAK distribution
9.12.1 Use of AES Key Wrap
9.12.2 MKPDU application data <\/td>\n<\/tr>\n
97<\/td>\n9.13 Secure announcements
9.13.1 MKPDU application data
9.14 MKA participant creation and deletion <\/td>\n<\/tr>\n
98<\/td>\n9.15 MKA participant timer values <\/td>\n<\/tr>\n
99<\/td>\n9.16 MKA management <\/td>\n<\/tr>\n
101<\/td>\n9.17 MKA SAK distribution examples
9.17.1 Two participants
9.17.2 Another participant joins <\/td>\n<\/tr>\n
102<\/td>\n9.18 In-service upgrades
9.18.1 Initiating suspension <\/td>\n<\/tr>\n
103<\/td>\n9.18.2 Suspending
9.18.3 Suspended members <\/td>\n<\/tr>\n
104<\/td>\n9.18.4 Resuming operation
9.18.5 XPN support <\/td>\n<\/tr>\n
105<\/td>\n9.18.6 Managing in-service upgrades <\/td>\n<\/tr>\n
106<\/td>\n9.18.7 MKPDU application data
9.19 In-service upgrade examples
9.19.1 Requested by end station in point-to-point CA <\/td>\n<\/tr>\n
107<\/td>\n9.19.2 Initiated by Key Server in point-to-point CA <\/td>\n<\/tr>\n
108<\/td>\n9.19.3 Intermediate systems suspending multiple CAs
9.19.4 Key Server suspends in a group CA <\/td>\n<\/tr>\n
109<\/td>\n10. Network announcements
10.1 Announcement information <\/td>\n<\/tr>\n
112<\/td>\n10.2 Making and requesting announcements <\/td>\n<\/tr>\n
114<\/td>\n10.3 Receiving announcements
10.4 Managing announcements <\/td>\n<\/tr>\n
116<\/td>\n11. EAPOL PDUs
11.1 EAPOL PDU transmission, addressing, and protocol identification
11.1.1 Destination MAC address <\/td>\n<\/tr>\n
118<\/td>\n11.1.2 Source MAC address
11.1.3 Priority
11.1.4 Ethertype use and encoding <\/td>\n<\/tr>\n
119<\/td>\n11.2 Representation and encoding of octets
11.3 Common EAPOL PDU structure
11.3.1 Protocol Version
11.3.2 Packet Type <\/td>\n<\/tr>\n
120<\/td>\n11.3.3 Packet Body Length
11.3.4 Packet Body
11.4 Validation of received EAPOL PDUs <\/td>\n<\/tr>\n
121<\/td>\n11.5 EAPOL protocol version handling <\/td>\n<\/tr>\n
122<\/td>\n11.6 EAPOL-Start <\/td>\n<\/tr>\n
123<\/td>\n11.7 EAPOL-Logoff
11.8 EAPOL-EAP
11.9 EAPOL-Key <\/td>\n<\/tr>\n
124<\/td>\n11.10 EAPOL-Encapsulated-ASF-Alert
11.11 EAPOL-MKA <\/td>\n<\/tr>\n
126<\/td>\n11.11.1 MKA parameter encoding <\/td>\n<\/tr>\n
133<\/td>\n11.11.2 Validation of MKPDUs
11.11.3 Encoding MKPDUs <\/td>\n<\/tr>\n
134<\/td>\n11.11.4 Decoding MKPDUs
11.12 EAPOL-Announcement <\/td>\n<\/tr>\n
136<\/td>\n11.12.1 Network Identity (NID) Set TLV
11.12.2 Access Information TLV <\/td>\n<\/tr>\n
137<\/td>\n11.12.3 MACsec Cipher Suites TLV <\/td>\n<\/tr>\n
138<\/td>\n11.12.4 Key Management Domain TLV
11.12.5 Organizationally Specific and Organizationally Specific Set TLVs <\/td>\n<\/tr>\n
139<\/td>\n11.12.6 Validation of EAPOL-Announcements
11.12.7 Encoding EAPOL-Announcements
11.12.8 Decoding EAPOL-Announcements <\/td>\n<\/tr>\n
140<\/td>\n11.13 EAPOL-Announcement-Req <\/td>\n<\/tr>\n
141<\/td>\n12. PAE operation
12.1 Model of operation <\/td>\n<\/tr>\n
143<\/td>\n12.2 KaY interfaces <\/td>\n<\/tr>\n
145<\/td>\n12.3 CP state machine interfaces <\/td>\n<\/tr>\n
146<\/td>\n12.4 CP state machine
12.4.1 CP state machine variables and timers
12.5 Logon Process <\/td>\n<\/tr>\n
148<\/td>\n12.5.1 Controlling connectivity
12.5.2 Active and passive participation <\/td>\n<\/tr>\n
149<\/td>\n12.5.3 Network Identities
12.5.4 Session statistics <\/td>\n<\/tr>\n
150<\/td>\n12.6 CAK cache <\/td>\n<\/tr>\n
151<\/td>\n12.7 Virtual port creation and deletion <\/td>\n<\/tr>\n
152<\/td>\n12.8 EAPOL Transmit and Receive Process
12.8.1 EAPOL frame reception statistics <\/td>\n<\/tr>\n
153<\/td>\n12.8.2 EAPOL frame reception diagnostics
12.8.3 EAPOL frame transmission statistics <\/td>\n<\/tr>\n
154<\/td>\n12.9 PAE management
12.9.1 System level PAE management <\/td>\n<\/tr>\n
155<\/td>\n12.9.2 Identifying PAEs and their capabilities
12.9.3 Initialization <\/td>\n<\/tr>\n
157<\/td>\n13. PAE MIB
13.1 The Internet Standard Management Framework
13.2 Structure of the MIB
13.3 Relationship to other MIBs
13.3.1 System MIB Group
13.3.2 Relationship to the Interfaces MIB <\/td>\n<\/tr>\n
159<\/td>\n13.3.3 Relationship to the MAC Security MIB <\/td>\n<\/tr>\n
166<\/td>\n13.4 Security considerations
13.5 Definitions for PAE MIB <\/td>\n<\/tr>\n
216<\/td>\n14. YANG Data Model
14.1 PAE management using YANG <\/td>\n<\/tr>\n
217<\/td>\n14.2 Security considerations <\/td>\n<\/tr>\n
218<\/td>\n14.3 802.1X YANG model structure <\/td>\n<\/tr>\n
219<\/td>\n14.4 Relationship to other YANG data models
14.4.1 General <\/td>\n<\/tr>\n
220<\/td>\n14.4.2 Relationship to the System Management YANG model <\/td>\n<\/tr>\n
221<\/td>\n14.4.3 Relationship to the Interface Management YANG model <\/td>\n<\/tr>\n
228<\/td>\n14.4.4 The Interface Stack Models <\/td>\n<\/tr>\n
233<\/td>\n14.5 Definition of the IEEE 802.1X YANG data model
14.5.1 ieee802-dot1x YANG tree schema <\/td>\n<\/tr>\n
236<\/td>\n14.5.2 ieee802-dot1x-types YANG module <\/td>\n<\/tr>\n
240<\/td>\n14.5.3 ieee802-dot1x YANG module definition <\/td>\n<\/tr>\n
265<\/td>\n14.6 YANG data model use in network access control applications
14.6.1 General
14.6.2 Host access with a physically secure point-to-point LAN (7.1) <\/td>\n<\/tr>\n
266<\/td>\n14.6.3 Network access point supporting a physically secure point-to-point LAN (7.1)
14.6.4 Network access point supporting MACsec on a point-to-point LAN (7.3) <\/td>\n<\/tr>\n
268<\/td>\n14.6.5 Network access point supporting MACsec on a multi-access LAN (7.5)
14.6.6 Network access point supporting MACsec over LAG (11.5 of IEEE Std 802.1AE-2018) <\/td>\n<\/tr>\n
270<\/td>\nAnnex A (normative) PICS proforma
A.1 Introduction
A.2 Abbreviations and special symbols <\/td>\n<\/tr>\n
271<\/td>\nA.3 Instructions for completing the PICS proforma <\/td>\n<\/tr>\n
273<\/td>\nA.4 PICS proforma for IEEE 802.1X <\/td>\n<\/tr>\n
274<\/td>\nA.5 Major capabilities and options
A.6 PAE requirements and options <\/td>\n<\/tr>\n
275<\/td>\nA.7 Supplicant requirements and options
A.8 Authenticator requirements and options
A.9 MKA requirements and options <\/td>\n<\/tr>\n
277<\/td>\nA.10 Announcement transmission requirements
A.11 Announcement reception requirements
A.12 Management and remote management
A.13 Virtual ports <\/td>\n<\/tr>\n
278<\/td>\nA.14 PAC
A.15 YANG requirements and options <\/td>\n<\/tr>\n
279<\/td>\nAnnex B (informative) Bibliography <\/td>\n<\/tr>\n
282<\/td>\nAnnex C (normative) State diagram notation <\/td>\n<\/tr>\n
284<\/td>\nAnnex D (informative) IEEE 802.1X EAP and RADIUS usage guidelines
D.1 EAP Session-Id
D.2 RADIUS Attributes for IEEE 802 Networks <\/td>\n<\/tr>\n
285<\/td>\nAnnex E (informative) Support for \u2018Wake-on-LAN\u2019 protocols <\/td>\n<\/tr>\n
286<\/td>\nAnnex F (informative) Unsecured multi-access LANs <\/td>\n<\/tr>\n
288<\/td>\nAnnex G (informative) Test vectors
G.1 KDF <\/td>\n<\/tr>\n
289<\/td>\nG.2 CAK Key Derivation
G.3 CKN Derivation <\/td>\n<\/tr>\n
290<\/td>\nG.4 KEK Derivation
G.5 ICK Derivation <\/td>\n<\/tr>\n
291<\/td>\nG.6 SAK Derivation <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

IEEE\/ISO\/IEC International Standard-Telecommunications and exchange between information technology systems–Requirements for local and metropolitan area networks–Part 1X: Port-based network access control<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
IEEE<\/b><\/a><\/td>\n2021<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":400739,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2644],"product_tag":[],"class_list":{"0":"post-400732","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-ieee","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/400732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/400739"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=400732"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=400732"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=400732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}