Abstract: Authentication is a basic method in broad band Ethernet network management to ensure information security. The port-based network access control－802.1x greatly improves the security and complication in LAN access, but it has some hidden security troubles and design weaknesses. This paper gives a brief introduction of architecture and authentication mechanism of the 802.lx protocol. Since it is easliy sufferred from DOS attack, session attack and MIM attack, this paper analyzes these security problems and brings out corresponding solutions.

Key words: 802.1x, Network access control, Authentication, Network security

摘要： 认证是宽带以太网实现可管理和网络信息安全的前提。在各种以太网接入控制技术中，基于端口的访问控制技术802.1x极大地改善了局域网接入的安全性和复杂性，但其自身也存在一些安全隐患和设计缺陷。该文介绍了802.1x认证体系的结构、认证的原理、流程和特点，针对其在应用中易受中间人攻击、协商攻击、拒绝服务攻击等安全问题作了分析，并提出了相应解决方案。

关键词: 802.1x, 网络接入控制, 认证, 网络安全

CLC Number: 

• TP393.08