IEEE 802.1X uses the EAP (Extensible Authentication Protocol) message format and framework to negotiate the authentication method.
The schemes below explain how IEEE 802.1X authentication proceeds for EAP-TLS, PEAP with EAP-TLS, and PEAP with MS-CHAP-V2.

EAP-TLS
1. The supplicant (for example PRISMAsync Print Server) sends an IEEE 802.1X request to the authenticator.
2. After the authentication method has been negotiated, the authenticator sends the Identity certificate of the authentication server.
3. The supplicant authenticates the Identity certificate of the authentication server.
4. The supplicant sends its Identity certificate.
5. The authentication server verifies the Identity certificate. The directory service queries the user name or printer name referenced by the certificate.
6. The authentication server authenticates the Identity certificate of the supplicant.
7. The authenticator enables the IEEE 802.1X-configured port and the supplicant can access the network.

PEAP with EAP-TLS
1. The supplicant (for example PRISMAsync Print Server) sends an IEEE 802.1X request to the authenticator.
2. After the authentication method has been negotiated, the authenticator sends the Identity certificate of the authentication server.
3. The supplicant authenticates the Identity certificate of the authentication server.
4. The supplicant builds a PEAP encrypted channel to negotiate the second part of the authentication. Thereafter, the supplicant sends its Identity certificate through the channel.
5. The authentication server verifies the Identity certificate. The directory service queries the user name or printer name referenced by the certificate.
6. The authentication server authenticates the Identity certificate of the supplicant.
7. The authenticator enables the IEEE 802.1X-configured port and the supplicant can access the network.

PEAP with MS-CHAP-V2
1. The supplicant (for example PRISMAsync Print Server) sends an IEEE 802.1X request to the authenticator.
2. After the authentication method has been negotiated, the authenticator sends the Identity certificate of the authentication server.
3. The supplicant authenticates the Identity certificate of the authentication server.
4. The supplicant builds a PEAP encrypted channel to negotiate the second part of the authentication. Thereafter, the supplicant sends the MS-CHAP-V2 username and password through the channel.
5. The authentication server validates the MS-CHAP-V2 username and password. The directory service queries the user name.
6. The authenticator enables the IEEE 802.1X-configured port and the supplicant can access the network.
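
The EAP method negotiation mentioned at the start of this page, as an added example (not Canon or PRISMAsync code): a parser for the EAP header defined in RFC 3748 that reports which outer method the supplicant accepted. The packets, the identity `printer01` and all function names are constructed for illustration.

```python
import struct

# EAP codes and method type numbers from RFC 3748 and the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAP-V2"}


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES or not 4 <= length <= len(packet):
        raise ValueError("unknown code or inconsistent Length field")
    msg = {"code": EAP_CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):  # only Request and Response carry a Type field
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        msg["type"] = EAP_TYPES.get(packet[4], f"type-{packet[4]}")
        msg["data"] = packet[5:length]  # bytes beyond Length are padding
    return msg


def negotiated_method(packets):
    """Return (outer method, outcome) for one authentication exchange."""
    method, outcome = None, None
    for msg in map(parse_eap, packets):
        if msg["code"] == "Response" and msg["type"] not in ("Identity", "Nak"):
            method = msg["type"]  # the supplicant answered with this method
        elif msg["code"] in ("Success", "Failure"):
            outcome = msg["code"]
    return method, outcome


def eap(code, ident, eap_type=None, data=b""):
    """Build one constructed sample packet (hypothetical helper)."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed exchange: server offers EAP-TLS, supplicant Naks and asks for PEAP.
SAMPLE = [
    eap(1, 1, 1),                # Request/Identity
    eap(2, 1, 1, b"printer01"),  # Response/Identity (constructed name)
    eap(1, 2, 13, b"\x20"),      # Request/EAP-TLS with the Start flag
    eap(2, 2, 3, b"\x19"),       # Response/Nak, desired type 25 (PEAP)
    eap(1, 3, 25, b"\x20"),      # Request/PEAP with the Start flag
    eap(2, 3, 25, b"\x00"),      # Response/PEAP (TLS payload elided)
    eap(3, 4),                   # Success
]
```

Only the outer method is visible in these headers: with PEAP, the inner EAP-TLS or MS-CHAP-V2 exchange travels inside the encrypted channel and cannot be identified from a capture this way.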