For security purposes, some switches require users to authenticate themselves (that is, provide credentials, such as a username and password, to prove who they are) before gaining access to the rest of the network. A standards-based method of enforcing user authentication is IEEE 802.1X.
With 802.1X enabled, a switch requires a client to authenticate before communicating on the network. After the authentication occurs, a key is generated that is shared between the client and the device to which it attaches (for example, a wireless LAN controller or a Layer 2 switch). The key then encrypts traffic coming from and being sent to the client.
Figure 11-24 illustrates the three primary components of an 802.1X network, which are described in the following list:
• Supplicant: The supplicant is the device that wants to gain access to a network.
• Authenticator: The authenticator forwards the supplicant's authentication request on to an authentication server. After the authentication server authenticates the supplicant, the authenticator receives a key that is used to communicate securely during a session with the supplicant.
• Authentication server: The authentication server (for example, a Remote Authentication Dial-In Service [RADIUS] server) checks a supplicant's credentials. If the credentials are acceptable, the authentication server notifies the authenticator that the supplicant is allowed to communicate on the network. The authentication server also gives the authenticator a key that can be used to securely transmit data during the authenticator's session with the supplicant.
An even more sophisticated approach to admission control is the Network Access Control (NAC) feature offered by some authentication servers. Beyond just checking credentials, NAC can check characteristics of the device seeking admission to the network. The client's operating system (OS) and version of antivirus software are examples of these characteristics.
About The Author
Anthony Sequeira, CCIE No. 15626, is a Cisco Certified Systems Instructor (CCSI) and author regarding all levels and tracks of Cisco Certification. Anthony formally began his career in the information technology industry in 1994 with IBM in Tampa, Florida. He quickly formed his own computer consultancy, Computer Solutions, and then discovered his true passion-teaching and writing about Microsoft and Cisco technologies. Anthony joined Mastering Computers in 1996 and lectured to massive audiences around the world about the latest in computer technologies. Mastering Computers became the revolutionary online training company, KnowledgeNet, and Anthony trained there for many years. Anthony is currently pursuing his second CCIE in the area of Security and is a full-time instructor for the next-generation of KnowledgeNet, StormWind.com. Anthony is also a VMware Certified Professional.
CompTIA Network+ N10-008 Cert Guide contains proven study features that allow you to succeed on the exam the first time. Expert instructor Anthony Sequeira shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills, essential for successful completion of the performance-based testing items on the exam. This complete, CompTIA-approved study package includes the following:
• A test-preparation routine proven to help you pass the exams
• Clearly defined chapter learning objectives covering all N10-008 exam topics
• Chapter-ending review questions and exam preparation exercises, which help you drill on key concepts you must know thoroughly
• The powerful Pearson Test Prep practice test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
• 40 performance-based exercises to help you prepare for the hands-on exam questions
• A free copy of the CompTIA Network+ N10-008 Simulator Lite software, complete with meaningful lab exercises that enhance your hands-on skills
• More than 60 minutes of video mentoring
• A final preparation chapter that guides you through tools and resources to help you craft your review and test taking strategies
• An Exam Essentials appendix that quickly recaps all major chapter topics for easy reference, both in print and interactive digital format
• A key terms Glossary in both print and on the companion website, which acts as an interactive flash-card application
• Study plan suggestions and templates to help you organize and optimize your study time
• A 10% exam discount voucher (a $33+ value!)
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this approved study guide helps you master the concepts and techniques that ensure your exam success.
Master the topics on the CompTIA Network+ N10-008 exam, including:
• Network topologies and media types
• IP addressing
• Network services
• Data center architectures and cloud concepts
• Routing, Ethernet switching, and wireless networking
• Network availability and disaster recovery
• Network security
• Remote access
• Network troubleshooting
Reader Paulo Cardoso says, "This is a great book. In addition, it comes with great additional resources."
Learn more about the CompTIA Network+ N10-008 Cert Guide at amazon.com
More Network Security Articles:
• Firewall Perimeter Network (DMZ)
• Network User Authentication
• Why Become a CISSP?
• Methods to Combat Distributed Denial of Service (DDoS) Attacks
• Network Security Across the Enterprise
• Public Key Infrastructure
• Designing Physical Network Security
• Types of Computer Security Threats
• The Use of HoneyPots and HoneyNets to Trick Hackers
• What is a Botnet Attack and How to Identify It?