{"id":112163,"date":"2024-10-18T16:22:38","date_gmt":"2024-10-18T16:22:38","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/ieee-iso-iec-8802-1x-2013\/"},"modified":"2024-10-24T22:03:56","modified_gmt":"2024-10-24T22:03:56","slug":"ieee-iso-iec-8802-1x-2013","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/ieee\/ieee-iso-iec-8802-1x-2013\/","title":{"rendered":"IEEE ISO IEC 8802 1X 2013"},"content":{"rendered":"

Adoption Standard – Active. Port-based network access control allows a network administrator to restrict the use of IEEE 802(R) LAN service access points (ports) to secure communication between authenticated and authorized devices. This standard specifies a common architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and that secure communication between the ports, including the media access method independent protocols that are used to discover and establish the security associations used by IEEE 802.1AE(TM) MAC Security.<\/p>\n

PDF Catalog<\/h4>\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
5<\/td>\nIEEE Std 802.1X-2010 Front cover <\/td>\n<\/tr>\n
7<\/td>\nTitle page <\/td>\n<\/tr>\n
10<\/td>\nIntroduction
Notice to users
Laws and regulations <\/td>\n<\/tr>\n
11<\/td>\nCopyrights
Updating of IEEE documents
Errata
Interpretations
Patents <\/td>\n<\/tr>\n
12<\/td>\nContents <\/td>\n<\/tr>\n
16<\/td>\nList of figures <\/td>\n<\/tr>\n
18<\/td>\nList of tables <\/td>\n<\/tr>\n
19<\/td>\nImportant notice
1. Overview
1.1 Scope
1.2 Purpose <\/td>\n<\/tr>\n
20<\/td>\n1.3 Introduction
1.4 Provisions of this standard <\/td>\n<\/tr>\n
22<\/td>\n2. Normative references <\/td>\n<\/tr>\n
24<\/td>\n3. Definitions <\/td>\n<\/tr>\n
28<\/td>\n4. Acronyms and abbreviations <\/td>\n<\/tr>\n
30<\/td>\n5. Conformance
5.1 Requirements terminology
5.2 Protocol Implementation Conformance Statement <\/td>\n<\/tr>\n
31<\/td>\n5.3 Conformant systems and system components
5.4 PAE requirements <\/td>\n<\/tr>\n
32<\/td>\n5.5 PAE options
5.6 Supplicant requirements
5.7 Supplicant options
5.7.1 Integration with IEEE Std 802.1AR
5.8 Authenticator requirements
5.9 Authenticator options <\/td>\n<\/tr>\n
33<\/td>\n5.9.1 Integration with IEEE Std 802.1AR
5.10 MKA requirements
5.11 MKA options
5.11.1 Support for PSKs
5.11.2 Key Server support for Group CAs
5.11.3 CAK Cache <\/td>\n<\/tr>\n
34<\/td>\n5.12 Virtual port requirements
5.13 Virtual port options
5.14 Announcement transmission requirements <\/td>\n<\/tr>\n
35<\/td>\n5.15 Announcement transmission options
5.16 Announcement reception requirements
5.17 Announcement reception options
5.18 Requirements for SNMP access to the PAE MIB
5.19 Options for SNMP access to the PAE MIB
5.20 PAC requirements <\/td>\n<\/tr>\n
36<\/td>\n5.21 System recommendations
5.22 Prohibitions <\/td>\n<\/tr>\n
37<\/td>\n6. Principles of port-based network access control operation
6.1 Port-based network access control architecture <\/td>\n<\/tr>\n
39<\/td>\n6.2 Key hierarchy <\/td>\n<\/tr>\n
41<\/td>\n6.2.1 Key derivation function (KDF)
6.2.2 Using EAP for CAK key derivation <\/td>\n<\/tr>\n
43<\/td>\n6.2.3 CAK caching and scope
6.2.4 Algorithm agility
6.3 Port Access Entity (PAE)
6.3.1 Authentication exchanges <\/td>\n<\/tr>\n
44<\/td>\n6.3.2 Key agreement <\/td>\n<\/tr>\n
45<\/td>\n6.3.3 Pre-shared keys
6.3.4 Interoperability and connectivity <\/td>\n<\/tr>\n
46<\/td>\n6.3.5 Network announcements, identity, authentication requirements, and status
6.3.6 Multi-access LANs <\/td>\n<\/tr>\n
47<\/td>\n6.4 Port Access Controller (PAC) <\/td>\n<\/tr>\n
48<\/td>\n6.4.1 Uncontrolled Port transmission and reception
6.4.2 Controlled Port transmission and reception
6.4.3 PAC management <\/td>\n<\/tr>\n
49<\/td>\n6.5 Link aggregation <\/td>\n<\/tr>\n
50<\/td>\n6.6 Use of this standard by IEEE Std 802.11 <\/td>\n<\/tr>\n
51<\/td>\n7. Port-based network access control applications
7.1 Host access with physically secure LANs <\/td>\n<\/tr>\n
52<\/td>\n7.1.1 Assumptions and requirements
7.1.2 System configuration and operation <\/td>\n<\/tr>\n
53<\/td>\n7.1.3 Connectivity to unauthenticated systems <\/td>\n<\/tr>\n
54<\/td>\n7.2 Infrastructure support with physically secure LANs <\/td>\n<\/tr>\n
55<\/td>\n7.2.1 Assumptions and requirements <\/td>\n<\/tr>\n
56<\/td>\n7.2.2 System configuration and operation
7.3 Host access with MACsec and point-to-point LANs
7.3.1 Assumptions and requirements <\/td>\n<\/tr>\n
57<\/td>\n7.3.2 System configuration and operation
7.3.3 Connectivity to unauthenticated systems
7.4 Use with MACsec to support infrastructure LANs <\/td>\n<\/tr>\n
58<\/td>\n7.4.1 Assumptions and requirements
7.4.2 System configuration and operation
7.4.3 Connectivity to unauthenticated systems <\/td>\n<\/tr>\n
59<\/td>\n7.5 Host access with MACsec and a multi-access LAN <\/td>\n<\/tr>\n
60<\/td>\n7.5.1 Assumptions and requirements
7.5.2 System configuration and operation
7.5.3 Connectivity to unauthenticated systems <\/td>\n<\/tr>\n
62<\/td>\n7.6 Group host access with MACsec <\/td>\n<\/tr>\n
63<\/td>\n7.6.1 Assumptions and requirements
7.6.2 System configuration and operation
7.7 Use with MACsec to support virtual shared media infrastructure LANs <\/td>\n<\/tr>\n
64<\/td>\n7.7.1 Assumptions and requirements
7.7.2 System configuration and operation <\/td>\n<\/tr>\n
66<\/td>\n8. Authentication using EAP <\/td>\n<\/tr>\n
67<\/td>\n8.1 PACP Overview <\/td>\n<\/tr>\n
68<\/td>\n8.2 Example EAP exchanges <\/td>\n<\/tr>\n
69<\/td>\n8.3 PAE higher layer interface <\/td>\n<\/tr>\n
70<\/td>\n8.4 PAE Client interface <\/td>\n<\/tr>\n
72<\/td>\n8.5 EAPOL transmit and receive
8.6 Supplicant and Authenticator PAE timers <\/td>\n<\/tr>\n
73<\/td>\n8.7 Supplicant PACP state machine, variables, and procedures
8.8 Supplicant PAE counters <\/td>\n<\/tr>\n
75<\/td>\n8.9 Authenticator PACP state machine, variables, and procedures <\/td>\n<\/tr>\n
76<\/td>\n8.10 Authenticator PAE counters
8.11 EAP methods
8.11.1 MKA and EAP methods <\/td>\n<\/tr>\n
77<\/td>\n8.11.2 Integration with IEEE Std 802.1AR and EAP methods <\/td>\n<\/tr>\n
78<\/td>\n9. MACsec Key Agreement protocol (MKA) <\/td>\n<\/tr>\n
79<\/td>\n9.1 Protocol design requirements <\/td>\n<\/tr>\n
80<\/td>\n9.2 Protocol support requirements
9.2.1 Random number generation
9.2.2 SC identification
9.3 MKA key hierarchy
9.3.1 CAK identification <\/td>\n<\/tr>\n
81<\/td>\n9.3.2 CAK Independence
9.3.3 Derived keys <\/td>\n<\/tr>\n
82<\/td>\n9.4 MKA transport <\/td>\n<\/tr>\n
83<\/td>\n9.4.1 Message authentication
9.4.2 Member identification and message numbers <\/td>\n<\/tr>\n
84<\/td>\n9.4.3 Determining liveness
9.4.4 MKPDU information elements and application data
9.4.5 Addressing <\/td>\n<\/tr>\n
85<\/td>\n9.5 Key server election <\/td>\n<\/tr>\n
86<\/td>\n9.5.1 MKPDU application data
9.6 Use of MACsec <\/td>\n<\/tr>\n
87<\/td>\n9.6.1 MKPDU application data
9.7 Cipher suite selection
9.7.1 MKPDU application data
9.8 SAK generation, distribution, and selection <\/td>\n<\/tr>\n
89<\/td>\n9.8.1 SAK generation
9.8.2 Use of AES Key Wrap
9.8.3 MKPDU application data
9.9 SA assignment <\/td>\n<\/tr>\n
90<\/td>\n9.9.1 MKPDU application data
9.10 SAK installation and use
9.10.1 MKPDU application data <\/td>\n<\/tr>\n
91<\/td>\n9.11 Connectivity change detection
9.12 CA formation and group CAK distribution
9.12.1 Use of AES Key Wrap
9.12.2 MKPDU application data <\/td>\n<\/tr>\n
92<\/td>\n9.13 Secure announcements
9.13.1 MKPDU application data
9.14 MKA participant creation and deletion <\/td>\n<\/tr>\n
93<\/td>\n9.15 MKA participant timer values <\/td>\n<\/tr>\n
94<\/td>\n9.16 MKA management <\/td>\n<\/tr>\n
96<\/td>\n9.17 MKA SAK distribution examples
9.17.1 Two participants
9.17.2 Another participant joins <\/td>\n<\/tr>\n
98<\/td>\n10. Network announcements
10.1 Announcement information <\/td>\n<\/tr>\n
101<\/td>\n10.2 Making and requesting announcements <\/td>\n<\/tr>\n
103<\/td>\n10.3 Receiving announcements
10.4 Managing announcements <\/td>\n<\/tr>\n
105<\/td>\n11. EAPOL PDUs
11.1 EAPOL PDU transmission, addressing, and protocol identification
11.1.1 Destination MAC address <\/td>\n<\/tr>\n
106<\/td>\n11.1.2 Source MAC address <\/td>\n<\/tr>\n
107<\/td>\n11.1.3 Priority
11.1.4 Ethertype use and encoding
11.2 Representation and encoding of octets <\/td>\n<\/tr>\n
108<\/td>\n11.3 Common EAPOL PDU structure
11.3.1 Protocol Version
11.3.2 Packet Type <\/td>\n<\/tr>\n
109<\/td>\n11.3.3 Packet Body Length
11.3.4 Packet Body
11.4 Validation of received EAPOL PDUs <\/td>\n<\/tr>\n
110<\/td>\n11.5 EAPOL protocol version handling <\/td>\n<\/tr>\n
111<\/td>\n11.6 EAPOL-Start <\/td>\n<\/tr>\n
112<\/td>\n11.7 EAPOL-Logoff
11.8 EAPOL-EAP
11.9 EAPOL-Key <\/td>\n<\/tr>\n
113<\/td>\n11.10 EAPOL-Encapsulated-ASF-Alert
11.11 EAPOL-MKA <\/td>\n<\/tr>\n
115<\/td>\n11.11.1 MKA parameter encoding <\/td>\n<\/tr>\n
120<\/td>\n11.11.2 Validation of MKPDUs <\/td>\n<\/tr>\n
121<\/td>\n11.11.3 Encoding MKPDUs
11.11.4 Decoding MKPDUs <\/td>\n<\/tr>\n
122<\/td>\n11.12 EAPOL-Announcement <\/td>\n<\/tr>\n
123<\/td>\n11.12.1 Network Identity (NID) Set TLV <\/td>\n<\/tr>\n
124<\/td>\n11.12.2 Access Information TLV
11.12.3 MACsec Cipher Suites TLV <\/td>\n<\/tr>\n
125<\/td>\n11.12.4 Key Management Domain TLV
11.12.5 Organizationally Specific and Organizationally Specific Set TLVs <\/td>\n<\/tr>\n
126<\/td>\n11.12.6 Validation of EAPOL-Announcements
11.12.7 Encoding EAPOL-Announcements
11.12.8 Decoding EAPOL-Announcements <\/td>\n<\/tr>\n
127<\/td>\n11.13 EAPOL-Announcement-Req <\/td>\n<\/tr>\n
128<\/td>\n12. PAE operation
12.1 Model of operation <\/td>\n<\/tr>\n
130<\/td>\n12.2 KaY interfaces <\/td>\n<\/tr>\n
132<\/td>\n12.3 CP state machine interfaces
12.4 CP state machine <\/td>\n<\/tr>\n
133<\/td>\n12.4.1 CP state machine variables and timers <\/td>\n<\/tr>\n
134<\/td>\n12.5 Logon Process <\/td>\n<\/tr>\n
136<\/td>\n12.5.1 Session statistics
12.6 CAK cache <\/td>\n<\/tr>\n
137<\/td>\n12.7 Virtual port creation and deletion <\/td>\n<\/tr>\n
138<\/td>\n12.8 EAPOL Transmit and Receive Process <\/td>\n<\/tr>\n
139<\/td>\n12.8.1 EAPOL frame reception statistics
12.8.2 EAPOL frame reception diagnostics <\/td>\n<\/tr>\n
140<\/td>\n12.8.3 EAPOL frame transmission statistics <\/td>\n<\/tr>\n
141<\/td>\n12.9 PAE management
12.9.1 System level PAE management <\/td>\n<\/tr>\n
142<\/td>\n12.9.2 Identifying PAEs and their capabilities
12.9.3 Initialization <\/td>\n<\/tr>\n
144<\/td>\n13. PAE MIB
13.1 The Internet Standard Management Framework
13.2 Structure of the MIB
13.3 Relationship to other MIBs
13.3.1 System MIB Group
13.3.2 Relationship to the Interfaces MIB <\/td>\n<\/tr>\n
146<\/td>\n13.3.3 Relationship to the MAC Security MIB <\/td>\n<\/tr>\n
152<\/td>\n13.4 Security considerations <\/td>\n<\/tr>\n
153<\/td>\n13.5 Definitions for PAE MIB <\/td>\n<\/tr>\n
199<\/td>\nAnnex A (normative) PICS proforma
A.1 Introduction
A.2 Abbreviations and special symbols <\/td>\n<\/tr>\n
200<\/td>\nA.3 Instructions for completing the PICS proforma <\/td>\n<\/tr>\n
202<\/td>\nA.4 PICS proforma for IEEE 802.1X <\/td>\n<\/tr>\n
203<\/td>\nA.5 Major capabilities and options <\/td>\n<\/tr>\n
204<\/td>\nA.6 PAE requirements and options
A.7 Supplicant requirements and options <\/td>\n<\/tr>\n
205<\/td>\nA.8 Authenticator requirements and options <\/td>\n<\/tr>\n
206<\/td>\nA.9 MKA requirements and options <\/td>\n<\/tr>\n
207<\/td>\nA.10 Announcement transmission requirements
A.11 Announcement reception requirements
A.12 Management and remote management <\/td>\n<\/tr>\n
208<\/td>\nA.13 Virtual ports
A.14 PAC <\/td>\n<\/tr>\n
209<\/td>\nAnnex B (informative) Bibliography <\/td>\n<\/tr>\n
211<\/td>\nAnnex C (normative) State diagram notation <\/td>\n<\/tr>\n
213<\/td>\nAnnex D (normative) Basic architectural concepts and terms
D.1 Protocol entities, peers, layers, services, and clients
D.2 Service interface primitives, parameters, and frames <\/td>\n<\/tr>\n
214<\/td>\nD.3 Layer management interfaces
D.4 Service access points, interface stacks, and ports <\/td>\n<\/tr>\n
215<\/td>\nD.5 Media independent protocols and shims
D.6 MAC Service clients <\/td>\n<\/tr>\n
216<\/td>\nD.7 Stations and systems
D.8 Connectionless connectivity and connectivity associations <\/td>\n<\/tr>\n
217<\/td>\nAnnex E (informative) IEEE 802.1X EAP and RADIUS usage guidelines
E.1 EAP Session-Id
E.2 RADIUS Attributes for IEEE 802 Networks <\/td>\n<\/tr>\n
218<\/td>\nAnnex F (informative) Support for \u2018Wake-on-LAN\u2019 protocols <\/td>\n<\/tr>\n
219<\/td>\nAnnex G (informative) Unsecured multi-access LANs <\/td>\n<\/tr>\n
221<\/td>\nAnnex H (informative) Test vectors
H.1 KDF
H.2 CAK Key Derivation <\/td>\n<\/tr>\n
222<\/td>\nH.3 CKN Derivation
H.4 KEK Derivation
H.5 ICK Derivation <\/td>\n<\/tr>\n
223<\/td>\nH.6 SAK Derivation <\/td>\n<\/tr>\n
224<\/td>\nAnnex I (informative) IEEE list of participants <\/td>\n<\/tr>\n
226<\/td>\nBlank Page <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

IEEE\/ISO\/IEC Information technology — Telecommunications and information exchange between systems — Local and metropolitan area networks — Part 1X: Port-based network access control<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
IEEE<\/b><\/a><\/td>\n2013<\/td>\n228<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":112164,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2644],"product_tag":[],"class_list":{"0":"post-112163","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-ieee","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/112163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/112164"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=112163"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=112163"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=112163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}