IEEE Std 802.1X™- 2004
(Revision of
IEEE Std 802.1X-2001)
IEEE Standards
802.1X
TM
IEEE Standard for
Local and metropolitan area networks
Port-Based Network Access Control
3 Park Avenue, New York, NY 10016-5997, USA
IEEE Computer Society
Sponsored by the
LAN/MAN Standards Committee
IEEE Standards
13 December 2004
Print: SH95298
PDF: SS95298
Recognized as an
American National Standard (ANSI)
The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA
IEEE and 802 are registered trademarks in the U.S. Patent & Trademark Office, owned by the Institute of Electrical and Electronics Engi-
neers, Incorporated.
RC4 is a registered trademark of RSA Security Inc. and may not be used by third parties creating implementations of the algorithm.
RSA Security does not hold any patents nor does it have any pending applications on the RC4 algorithm. However, RSA Security does
not represent or warrant that implementations of the algorithm will not infringe the intellectual property rights of any third party. Propri-
etary implementations of the RC4 encryption algorithm are available under license from RSA Security Inc. For licensing information,
contact RSA Security Inc., 2955 Campus Drive, Suite 400, San Mateo, CA 94403-2507, USA, or http://www.rsasecurity.com.
Print: ISBN 0-7381-4528-8 SH95298
PDF: ISBN 0-7381-4529-7 SS95298
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior
written permission of the publisher.
IEEE Std 802.1X
™
-2004
(
Revision of
IEEE Std 802.1X-2001)
IEEE Standard for
Local and metropolitan area networks
Port-Based Network Access Control
Sponsor
LAN/MAN Standards Committee
of the
IEEE Computer Society
Approved 10 March 2005
American National Standards Institute
Approved 15 November 2004
IEEE-SA Standards Board
Abstract: Port-based network access control makes use of the physical access characteristics of IEEE 802
®
Local Area Networks (LAN) infrastructures in order to provide a means of authenticating and authorizing
devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to
that port in cases in which the authentication and authorization process fails.
Keywords: authentication, authorization, controlled port, local area networks, metropolitan area networks,
port access control, uncontrolled port
IEEE Standards
documents are developed within the IEEE Societies and the Standards Coordinating Committees of the
IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a consensus develop-
ment process, approved by the American National Standards Institute, which brings together volunteers representing varied
viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve with-
out compensation. While the IEEE administers the process and establishes rules to promote fairness in the consensus devel-
opment process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the information contained in
its standards.
Use of an IEEE Standard is wholly voluntary. The IEEE disclaims liability for any personal injury, property or other damage,
of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the
publication, use of, or reliance upon this, or any other IEEE Standard document.
The IEEE does not warrant or represent the accuracy or content of the material contained herein, and expressly disclaims any
express or implied warranty, including any implied warranty of merchantability or fitness for a specific purpose, or that the
use of the material contained herein is free from patent infringement. IEEE Standards documents are supplied “
AS IS
.”
The existence of an IEEE Standard does not imply that there are no other ways to produce, test, measure, purchase, market,
or provide other goods and services related to the scope of the IEEE Standard. Furthermore, the viewpoint expressed at the
time a standard is approved and issued is subject to change brought about through developments in the state of the art and
comments received from users of the standard. Every IEEE Standard is subjected to review at least every five years for revi-
sion or reaffirmation. When a document is more than five years old and has not been reaffirmed, it is reasonable to conclude
that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to
determine that they have the latest edition of any IEEE Standard.
In publishing and making this document available, the IEEE is not suggesting or rendering professional or other services for,
or on behalf of, any person or entity. Nor is the IEEE undertaking to perform any duty owed by any other person or entity to
another. Any person utilizing this, and any other IEEE Standards document, should rely upon the advice of a competent pro-
fessional in determining the exercise of reasonable care in any given circumstances.
I
nterpretations: Occasionally questions may arise regarding the meaning of portions of standards as they relate to specific ap-
plications. When the need for interpretations is brought to the attention of IEEE, the Institute will initiate action to prepare
appropriate responses. Since IEEE Standards represent a consensus of concerned interests, it is important to ensure that any
interpretation has also received the concurrence of a balance of interests. For this reason, IEEE and the members of its societies
and Standards Coordinating Committees are not able to provide an instant response to interpretation requests except in those
cases where the matter has previously received formal consideration. At lectures, symposia, seminars, or educational courses,
an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the per-
sonal views of that individual rather than the formal position, explanation, or interpretation of the IEEE.
Comments for revision of IEEE Standards are welcome from any interested party, regardless of membership affiliation with
IEEE. Suggestions for changes in documents should be in the form of a proposed change of text, together with appropriate
supporting comments. Comments on standards and requests for interpretations should be addressed to:
Secretary, IEEE-SA Standards Board
445 Hoes Lane
P.O. Box 1331
Piscataway, NJ 08855-1331USA
Authorization to photocopy portions of any individual standard for internal or personal use is granted by the Institute of Elec-
trical and Electronics Engineers, Inc., provided that the appropriate fee is paid to Copyright Clearance Center. To arrange for
payment of licensing fee, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA
01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use
can also be obtained through the Copyright Clearance Center.
NOTE−Attention is called to the possibility that implementation of this standard may require use of subject
matter covered by patent rights. By publication of this standard, no position is taken with respect to the exist-
ence or validity of any patent rights in connection therewith. The IEEE shall not be responsible for identifying
patents for which a license may be required by an IEEE standard or for conducting inquiries into the legal valid-
ity or scope of those patents that are brought to its attention.
Copyright © 2004 IEEE. All rights reserved.
iii
Introduction
This standard defines a mechanism for Port-based network access control that makes use of the physical
access characteristics of IEEE 802 LAN infrastructures in order to provide a means of authenticating and
authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of pre-
venting access to that port in cases in which the authentication and authorization process fails.
Notice to users
Errata
Errata, if any, for this and all other standards can be accessed at the following URL: http://
standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for
errata periodically.
Interpretations
Current interpretations can be accessed at the following URL: http://standards.ieee.org/reading/ieee/interp/
index.html.
Patents
Attention is called to the possibility that implementation of this standard may require use of subject matter
covered by patent rights. By publication of this standard, no position is taken with respect to the existence or
validity of any patent rights in connection therewith. The IEEE shall not be responsible for identifying
patents or patent applications for which a license may be required to implement an IEEE standard or for
conducting inquiries into the legal validity or scope of those patents that are brought to its attention.
Participants
At the time this standard was revised, the working group had the following membership:
Tony Jeffree,
Chair and Editor
Paul Congdon,
Vice-Chair
Dolors Sala,
Chair, Link Security Task Group
[This introduction is not part of IEEE Std 802.1X-2004, IEEE Standard for Local and Metropolitan Area
Networks—Port-Based Network Access Control.]
Floyd Backes
Les Bell
Paul Bottorff
Laura Bridge
Jim Burns
Dirceu Cavendish
Hesham Elbakoury
Norm Finn
David Frattura
Gerard Goubert
Steve Haddock
Ran Ish-Shalom
Neil Jarvis
Hal Keen
Bill Lane
Roger Lapuh
Loren Larsen
Dinesh Mohan
Bob Moskowitz
Don O'Connor
Glenn Parsons
Frank Reichstein
John Roese
Allyn Romanow
Dan Romascanu
Mick Seaman
Kazuo Takagi
Michel Thorsen
Dennis Volpano
Karl Weber
Michael D. Wright