802.1x Brief description of the agreement

Reprint an article ： Article to read 802.1x agreement

Protocol Brief

802.1x The protocol is based on C/S Access to structure 「 Control agreement 」, Working at the data link layer , That is, layer 2 protocol .

• 「C/S structure 」：server/client For short , It is divided into two layers: server and client , The server is responsible for data management , The client is responsible for user interaction
• 「 Access control 」： A technique for controlling access rights , Specify who can access who , Who can't access who
• 「 agreement 」： Short for network protocol , It's essentially a series of rules , For example, how to establish a connection between two computers , How to identify each other , All need to abide by certain rules . Because the network environment is quite responsible , Therefore, the whole network is divided into seven parts , That's what we often say 0SI Seven layer model , Each layer has a corresponding protocol , When the protocol of a layer changes , It will not affect the protocols of other layers

802.1x The role of the agreement

Restrictions without 「 to grant authorization 」 Users of / The device accesses through the access port LAN/WLAN, To ensure the security of the network

• 「 port 」： The outlet for communication between the equipment and the outside world , It is divided into virtual port and physical port , Virtual ports are invisible ports , Like the computer's 21,23,80 port ; Physical ports are also called interfaces , Is a visible port , Such as computer / Telephone network cable interface
• 「LAN」: LAN , That is to connect computers through network cables , Form a local network range , Computers in range can communicate with each other
• 「WLAN」：Wireless Local Area Network For short , That is, WLAN , Use wireless communication technology instead of network cable to connect computers

Logical port

IEEE 802.1Xx The protocol divides ports into 「 Controllable port 」 and 「 Uncontrollable port 」, The switch uses uncontrollable ports to complete user authentication and control , Service messages are exchanged through controllable ports , So as to realize the separation of business and authentication

802.1x Protocol authentication principle

1. The user enters the user name and password , Initiate connection request , The client program sends a message requesting authentication to the switch , Open authentication
2. After the switch receives the data frame requesting authentication , A request frame will be issued asking the client to send the user name entered by the user
3. The client program responds to the request of the switch , Send a data frame containing the user name to the switch , After receiving the data frame, the switch will packet it and send it to the authentication server for processing
4. After the authentication server receives the user name sent by the switch , Query the database for matching , After successful matching, find the password corresponding to the user name , Encrypt it with randomly generated encrypted words , Send the encrypted word to the switch , The switch then transmits the encrypted word to the client program
5. The client program uses the received encrypted word to encrypt the password entered by the user , And send the encrypted password to the switch , Sent by the switch to the authentication server
6. The authentication server compares the received passwords , If it is the same, it is an authorized user , Return the authentication information , And send the command to open the port to the switch , Allow users to access the network through ports ; Otherwise, it is an unauthorized user , Only authentication information data is allowed to pass, but business data is not allowed to pass