
MVNet-2: What is IEEE 802.1X?

Wm Magill - April 24, 2018


First some definitions:

The concept of "authentication" is relevant to many aspects of everyday life, from art, antiques and anthropology to banking and computer networking.

Many times, in today's Western World and especially here in the Masonic Village at Elizabethtown, authentication is taken for granted or simply ignored. You are rarely confronted by an armed guard stating, "Show me your papers!" But it is why Employees of the Masonic Village have their MV ID cards on display.

When you present your MV Photo ID card to Dining Services, you are stating that you are a Resident (Authentication) and eligible to eat in the MV Restaurant (Authorization), and providing Dining Services with the mechanism to charge you for your meal (Accounting).

Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which a user is granted access only after successfully presenting 2 or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something they and only they know), possession (something they and only they have), and inherence (something they and only they are).[1][2]

Two-factor authentication (also known as 2FA) is a type (subset) of multi-factor authentication. It is a method of confirming a user's claimed identity by utilizing a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.

A good example of two-factor authentication is withdrawing money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out.

Two-step verification or two-step authentication is a method of confirming a user's claimed identity by utilizing something they know (password) and a second factor other than something they have or something they are. An example of a second step is the user repeating back something that was sent to them through an out-of-band mechanism. Or the second step might be a 6-digit number generated by an app that is common to the user and the authentication system.[3]

IEEE 802.1X is a communications protocol which provides an "Authentication" mechanism to devices wishing to attach to MVNet. A device, referred to as a "supplicant," might be a Smartphone, Tablet, Laptop, or Desktop Computer.

It is a "Query-Response" protocol. That is, MVNet makes a query and your device must respond appropriately in order to gain access to MVNet.

Access to MVNet must be "Authorized" in advance, by subscribing to the appropriate communications package.

It is how your device identifies itself to MVNet, which in turn then allows or denies that device access to the Network. For most devices this authentication involves presenting a Userid and Password to the Network Authentication Server. Certain devices, typically WiFi-attached printers, have no knowledge of, or capability to respond with, a userid, and a different mechanism must be used.
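The query and response described above can be seen at the byte level in the following added example, which is not part of the original page or of MVNet's configuration. It builds and parses the Identity query and reply using the EAP packet layout from RFC 3748 inside the EAPOL framing that 802.1X defines. The password step is left out because the page does not say which method MVNet uses, and the `Port` class, function names and identifier values are illustrative assumptions.

```python
import struct

# Field values from RFC 3748 (EAP) and IEEE 802.1X (EAPOL framing).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
IDENTITY = 1          # EAP type used for the "who are you?" query
EAPOL_EAP_PACKET = 0  # EAPOL packet type that carries an EAP packet

def eapol(code, ident, eap_type=None, data=b""):
    """Build EAPOL header (version 2) + EAP header + optional type/data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    return struct.pack("!BBH", 2, EAPOL_EAP_PACKET, len(eap)) + eap

def parse(frame):
    """Return (code, identifier, type, data), rejecting bad lengths."""
    if len(frame) < 8:
        raise ValueError("truncated frame")
    _version, ptype, plen = struct.unpack("!BBH", frame[:4])
    code, ident, elen = struct.unpack("!BBH", frame[4:8])
    if ptype != EAPOL_EAP_PACKET or not 4 <= elen <= plen <= len(frame) - 4:
        raise ValueError("malformed EAPOL/EAP lengths")
    if code in (REQUEST, RESPONSE):
        if elen < 5:
            raise ValueError("request/response without a type")
        return code, ident, frame[8], frame[9:4 + elen]
    return code, ident, None, b""

def supplicant_reply(query, userid):
    """Device side: answer an Identity query, echoing its identifier."""
    code, ident, eap_type, _ = parse(query)
    if code != REQUEST or eap_type != IDENTITY:
        raise ValueError("not an Identity query")
    return eapol(RESPONSE, ident, IDENTITY, userid.encode())

class Port:
    """Network side (hypothetical): closed until the server accepts."""
    def __init__(self):
        self.authorized, self.pending = False, None

    def query(self, ident):
        self.pending = ident
        return eapol(REQUEST, ident, IDENTITY)

    def userid_from(self, frame):
        """Userid to hand to the authentication server, or None."""
        code, ident, eap_type, data = parse(frame)
        if (code, ident, eap_type) != (RESPONSE, self.pending, IDENTITY):
            return None
        return data.decode("utf-8", "replace")

    def verdict(self, accepted):
        """Apply the server's decision; return the frame sent to the device."""
        self.authorized = bool(accepted)
        return eapol(SUCCESS if accepted else FAILURE, self.pending)
```

A device that never answers the query, such as the printers mentioned above, leaves `authorized` at `False`, which is why such devices need a different mechanism.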

GuestMVNet

This network allows access to WiFi without the need for a pre-assigned userid and password. It is intended for occasional use by visitors, just as the MVGuest network was in the past. It is bandwidth restricted.

GuestMVNet first presents the device with an information screen which contains the MVNet "Terms of Service" to which the user must agree.