computer networking A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections ar ...

, a supplicant is an entity at one end of a point-to-point

LAN Lan or LAN may also refer to: Science and technology * Local asymptotic normality, a fundamental property of regular models in statistics * Longitude of the ascending node, one of the orbital elements used to specify the orbit of an object in sp ...

segment that seeks to be authenticated by an authenticator attached to the other end of that link. The IEEE 802.1X standard uses the term "supplicant" to refer either to hardware or to software. In practice, a supplicant is a

software application Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...

installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure network. If the authentication succeeds, the authenticator typically allows the computer to connect to the network. IEEE 8021x Network Diagram Example

A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying "user" or "client" over-generalizes; in reality, the interaction takes place through a

personal computer A personal computer (PC) is a multi-purpose microcomputer whose size, capabilities, and price make it feasible for individual use. Personal computers are intended to be operated directly by an end user, rather than by a computer expert or tech ...

, an

Internet protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. ...

(IP) phone, or similar network device. Each of these must run supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association.

Overview

Businesses, campuses, governments and all other social entities across-the-board in need of security may resort to the use of IEEE 802.1X authentication to regulate users access to their corresponding network infrastructure. And to enable this, client devices need to meet supplicant definition in order to gain access. In businesses, for example, it is very common that employees will receive their new computer with all the necessary settings appropriately set for IEEE 802.1X authentication, in particular when connecting wirelessly to the network.

Access

For a supplicant capable device to gain access to the secured resources on a network, some preconditions should be observed and a context that will make this feasible. The network to which the supplicant needs to interact with must have a

RADIUS In classical geometry, a radius ( : radii) of a circle or sphere is any of the line segments from its center to its perimeter, and in more modern usage, it is also their length. The name comes from the latin ''radius'', meaning ray but also the ...

Server (also known as an Authentication Server or an Authenticator), a Dynamic Host Configuration Protocol (DHCP) server if automatic

(IP) address assignment is needed, and in certain configurations, an

Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centr ...

domain controller. The domain controller is particularly needed in Microsoft environments when using Microsoft's

Internet Authentication Service Internet Authentication Service (IAS) is a component of Windows Server operating systems that provides centralized user authentication, authorization and accounting. Overview While Routing and Remote Access Service (RRAS) security is sufficie ...

(IAS) or Network Policy Server (NPS) software to provide RADIUS services from the Authentication Server. Authenticated list of Supplicants

Supplicant list

Supplicants include but are not limited to: * Windows 2000/XP built in **

Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was official ...

Service Pack 4 **

Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was release to manufacturing, released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Wind ...

Service Pack 2 *

Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...

built in (" Internet Connect" utility) ** OS 10.3 or higher * AnyConnect Network Access Manager * Odyssey * SecureW2 * wpa supplicant * Xsupplicant

Mechanism

One aspect of reality a user needs to understand and, more likely comply with the network administrator is the use of user name and password, or a

Media Access Control In IEEE 802 LAN/MAN standards, the medium access control (MAC, also called media access control) sublayer is the layer that controls the hardware responsible for interaction with the wired, optical or wireless transmission medium. The MAC subla ...

(MAC) Address as the minimum that will be required for account setup. On a Windows machine, taking an example of

Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on August 1, 2012; it was subsequently made available for download via MSDN and TechNet on August 15, 2012, and later to ...

, one should make sure to enable one's client to act as a supplicant by going to the Network Properties of the Network Interface Card (NIC), and from the Authentication tab, "Enable IEEE 802.1X authentication" need to be checked. Similar steps need to be taken on other network devices that provide support for IEEE 802.1X authentication. This is the most important single step a user will need to make in order for one's network device to act as a supplicant. Microsoft Windows 8 IEEE 802

Notes

Note that IAS was being used up to

Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, ...

; since then, it has been replaced by NPS on all subsequent Windows Server releases (

2008 File:2008 Events Collage.png, From left, clockwise: Lehman Brothers went bankrupt following the Subprime mortgage crisis; Cyclone Nargis killed more than 138,000 in Myanmar; A scene from the opening ceremony of the 2008 Summer Olympics in Beijing ...

2012 File:2012 Events Collage V3.png, From left, clockwise: The passenger cruise ship Costa Concordia lies capsized after the Costa Concordia disaster; Damage to Casino Pier in Seaside Heights, New Jersey as a result of Hurricane Sandy; People gather ...

...). IAS and NPS are not the only RADIUS Servers, some other include: FreeRADIUS, Cisco Secure Access Control System (ACS) Server...

References

{{Reflist

External links

ESG Open 802.1x Supplicant initiative

Understanding 802.1x authentication
on Microsoft

on Cisco
What is 802.1x Security Authentication for Wireless Networks?
on Netgear
Creating a secure 802.1x wireless infrastructure using Microsoft Windows
on Microsoft Technet

on SecureW2 IEEE 802