Microsoft IAS and Cisco switch 802.1x configuration HOWTO
Written by dstubked   
Monday, 22 September 2008 23:27

802.1x is an IEEE standard for port-based network access control. It provides an authentication mechanism for devices wishing to attach to a LAN port, either establishing a point-to-point connection or preventing access from that port if authentication fails. It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP). That does not mean it cannot work on a wired network.

Introduction

This article was really written due to the fact that I found very little documentation available online for using 802.1x with a wired switched network. I hope all you readers find this useful. Please feel free to email me at admin at root dot sg if you wish to add anything.

In 802.1x, there are a few components that we must understand before we can do an actual setup.

  1. Supplicant - This is often software on a client device such as a PC.
  2. Authenticator - This is often an intermediary between the client device asking for access permission and an authentication server. In most cases, this is either a switch or a wireless access point.
  3. Authentication server - Most of the time, this is just a RADIUS database.

Background Information

The flow will be something like this:

  1. The client connects a laptop to an 802.1x-enabled switched network.
  2. The switch, acting as an authenticator, sends a request to the supplicant software running on the laptop asking for network access credentials.
  3. The supplicant sends the network access credentials back to the authenticator (switch).
  4. The authenticator takes the network access credentials and forwards them to the authentication server.
  5. If there is a match and the configured policy on the authentication server allows it, a success message is transmitted back to the authenticator (switch), allowing the client into the protected part of the network.
  6. A diagram illustrating the technical parts of this can be found here.
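
The flow above, modeled from the authenticator's side of one port, as an added example that is not part of the original article: it builds and parses EAPOL/EAP frames (field layouts and codes per IEEE 802.1X and RFC 3748) and keeps the port unauthorized until the server accepts. The `Port` class and the `server_accepts` callback are hypothetical names; the callback stands in for the RADIUS server, and the EAP method exchange that actually proves the credentials is collapsed into it.

```python
import struct

# EAPOL packet types (IEEE 802.1X) and EAP codes/types (RFC 3748)
EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1

def eap(code, ident, etype=None, data=b""):
    """Build an EAP packet: code, identifier, length, then optional type + data."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eapol(ptype, payload=b"", version=2):
    """Wrap a payload in an EAPOL header: version, packet type, body length."""
    return struct.pack("!BBH", version, ptype, len(payload)) + payload

def parse_eapol(frame):
    """Return (eapol_type, eap_code, eap_id, eap_type, data); raise on bad lengths."""
    _, ptype, blen = struct.unpack("!BBH", frame[:4])    # struct.error if too short
    body = frame[4:4 + blen]                             # ignores Ethernet padding
    if len(body) != blen:
        raise ValueError("truncated EAPOL body")
    if ptype != EAPOL_EAP:
        return ptype, None, None, None, b""
    code, ident, elen = struct.unpack("!BBH", body[:4])  # struct.error if too short
    if not 4 <= elen <= blen:
        raise ValueError("bad EAP length")
    return ptype, code, ident, (body[4] if elen > 4 else None), body[5:elen]

class Port:
    """Authenticator side of one switch port. It starts, and fails, closed."""
    def __init__(self, server_accepts):
        self.authorized, self.ident, self.waiting = False, 0, False
        self.server_accepts = server_accepts  # assumption: stand-in for the RADIUS server
    def receive(self, frame):
        """Handle one supplicant frame; return the reply frame, or None."""
        try:
            ptype, code, ident, etype, data = parse_eapol(frame)
        except (ValueError, struct.error):
            return None                       # malformed input never opens the port
        if ptype == EAPOL_START:              # (re)start: close port, ask for identity
            self.authorized, self.ident, self.waiting = False, (self.ident + 1) % 256, True
            return eapol(EAPOL_EAP, eap(EAP_REQUEST, self.ident, EAP_TYPE_IDENTITY))
        if ptype == EAPOL_LOGOFF:
            self.authorized = False
        elif self.waiting and (code, etype, ident) == (EAP_RESPONSE, EAP_TYPE_IDENTITY, self.ident):
            self.authorized, self.waiting = self.server_accepts(data.decode("utf-8", "replace")), False
            return eapol(EAPOL_EAP, eap(EAP_SUCCESS if self.authorized else EAP_FAILURE, ident))
        return None
```

A response that arrives before any request, or that carries the wrong identifier, is dropped without consulting the server, and an EAPOL-Logoff returns the port to the unauthorized state.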



Last Updated ( Sunday, 05 October 2008 02:01 )
 
