Over the past few years, the IEEE 802.1x standard has grown in popularity as the method of authenticating enterprise wireless clients. Most enterprise LAN switches also now include 802.1x, which can authenticate LAN-connected clients in much the same way as wireless clients. 802.1x provides port-based Network Access Control (NAC) capability. When a client (called a supplicant) connects to an 802.1x switch or Wireless Access Protocol (WAP—called the authenticator), the client uses Extensible Authentication Protocol (EAP) to send its identity. The authenticator then queries a back-end identity server—such as a Remote Authentication Dial-In User Service (RADIUS) server or proprietary access server—and receives instructions about whether the supplicant should be permitted on the network. 802.1x provides strong security and is generally one of the most secure methods for deploying NAC, but it's not without drawbacks—most notably its complex setup.
