Switching

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Question on 802.1X authentication

     
    Posted 04-17-2022 07:48

    Hi.

     

    I am learning about 802.1X and have a question on what it looks like in practice (since I don't have a lab).

     

    Let's say I connect my Macbook directly to an 802.1X port on a Juniper switch.

     

    1: When I receive and EAPoL request, how will I be entering my credentials? Will I be using a special 802.1X application on my Macbook?

    2: Are both the username and password entered in response to the first EAPoL Request,  or is the username sent in response to the initial EAPoL request and the password entered in response to a separate EAPoL Challenge message from the switch port?

     

    Thanks,

    Deepak


    Juniper Business Use Only



  • 2.  RE: Question on 802.1X authentication
    Best Answer

    Posted 04-18-2022 05:31
    Hi  

    To authenticate through 802.1X, supplicants require 802.1X client software. Some operating systems include an 802.1X client by default --  for mac OS see below:  
    https://support.apple.com/guide/deployment/connect-to-8021x-networks-depabc994b84/web 
    https://support.apple.com/en-us/HT207431 

    Now when an authenticator receives authentication requests from a supplicant, those requests are received as EAPOL messages (EAPOL-start ---- EAP request / identity -- EAP Response / Identity). The authenticator extracts and relays the identity information, found within the EAPOL message, to the authentication server as a RADIUS access request. the authenticator does not evaluate the supplicant's credentials, but simply relays that information to the authenticating server in an understandable format. 

    Hope this helps!  
    Esteban / PV