Info on 802.1x

Jacques Caron Jacques.Caron at
Sat Oct 26 13:09:51 EDT 2002


802.1X is an IEEE standard for port based access control for all 802 media. 
Its purpose is to provide authentication services (using EAP, the 
Extensible Authentication Protocol) before letting packets go through the 
port (or association in the case of 802.11). 802.1X is mostly just an 
encapsulation of EAP over 802 media (EAPOL, EAP over LAN), really, but it 
also adds key distribution features.

802.1X is particularly useful for 802.11 networks, as it provides a key 
management system, allowing for dynamic keys (in most cases per-session 
keys), and authentication of users, but it can also be useful for wired media.

802.1X is not "a fix for WEP", it adds some of the features that are needed 
to make WEP really practical (the key management system). However, since 
you can change keys frequently when using 802.1X, you can make sure that a 
key is never used long enough that anyone could capture enough packets to 
find the key, and even if they found the key, it wouldn't be usable for a 
long time. But that's really just a workaround, not a real fix.

You can find some info about 802.1X on, and a lot more on 
Bernard Aboba's excellent 802.11 security page at

Note however that the full interaction between 802.1X and 802.11 is still 
in flux, as 802.11's Task Group i (Enhanced Security) is working on that 
(that includes new Key descriptor messages, new encryption based on AES, 
the removal of the 802.11 authentication, TKIP, and a lot more...).

Hope that helps,


At 00:22 26/10/2002, Brad Colbert wrote:
>Hi folks,
>Where can I go and find out information on 802.1x?  I'm assuming it's a
>fix to the WEP problem but haven't read much about it.  Also, am I
>correct in understanding that HostAP supports this now?
>HostAP mailing list
>HostAP at

-- Jacques Caron, IP Sector Technologies
    Join the discussion on public WLAN open global roaming:

More information about the HostAP mailing list