Supplicant (computer)

In computer networking, a supplicant is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an authenticator attached to the other end of that link. The IEEE 802.1X standard uses the term "supplicant" to refer either to hardware or to software. In practice, a supplicant is a software application installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure network. If the authentication succeeds, the authenticator typically allows the computer to connect to the network. A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying "user" or "client" over-generalizes; in reality, the interaction takes place through a personal computer, an Internet Protocol (IP) phone, or similar network device. Each of these must run supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association.
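
What "initiates or reacts to IEEE 802.1X authentication requests" looks like on the wire, as an added example that is not part of the original article: a minimal Python sketch of the supplicant side that builds an EAPOL-Start frame and answers an EAP-Request/Identity. The MAC addresses, the identity string and the function names are constructed for illustration; the frame layouts follow IEEE 802.1X (EAPOL) and RFC 3748 (EAP).

```python
import struct

# Constants from IEEE 802.1X (EAPOL) and RFC 3748 (EAP).
EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # link-local PAE group address
EAPOL_EAP_PACKET, EAPOL_START = 0, 1
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY = 1

def eapol_frame(src_mac: bytes, pkt_type: int, body: bytes = b"", version: int = 2) -> bytes:
    """Ethernet header + EAPOL header (version, type, body length) + body."""
    eth = PAE_GROUP_ADDR + src_mac + struct.pack("!H", EAPOL_ETHERTYPE)
    return eth + struct.pack("!BBH", version, pkt_type, len(body)) + body

def parse_eap(frame: bytes):
    """Return (code, identifier, eap_type, data); reject truncated or inconsistent frames."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]  # anything after this is Ethernet padding
    if pkt_type != EAPOL_EAP_PACKET or body_len < 4 or len(body) != body_len:
        raise ValueError("not a complete EAP packet")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("EAP length disagrees with EAPOL body length")
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if eap_len < 5:
            raise ValueError("Request/Response without a Type field")
        return code, ident, body[4], body[5:eap_len]
    return code, ident, None, b""  # Success/Failure carry no Type or data

def supplicant_reply(frame: bytes, src_mac: bytes, identity: bytes):
    """React to an authenticator frame: answer Identity requests, ignore the rest."""
    code, ident, eap_type, _data = parse_eap(frame)
    if code == EAP_REQUEST and eap_type == EAP_TYPE_IDENTITY:
        # The response must echo the request's Identifier.
        eap = struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(identity), EAP_TYPE_IDENTITY)
        return eapol_frame(src_mac, EAPOL_EAP_PACKET, eap + identity)
    return None

# Constructed sample data (locally administered MACs, not from a capture).
SUPPLICANT_MAC = bytes.fromhex("020000000001")
AUTH_MAC = bytes.fromhex("020000000002")
REQUEST = eapol_frame(AUTH_MAC, EAPOL_EAP_PACKET, struct.pack("!BBHB", EAP_REQUEST, 7, 5, EAP_TYPE_IDENTITY))

if __name__ == "__main__":
    print("EAPOL-Start:      ", eapol_frame(SUPPLICANT_MAC, EAPOL_START).hex())
    print("Identity response:", supplicant_reply(REQUEST, SUPPLICANT_MAC, b"anonymous@example.org").hex())
```

The Identity response travels in cleartext before any EAP method runs, which is why supplicants using tunnelled EAP methods are commonly configured with an anonymous outer identity.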


Overview

Businesses, campuses, governments and any other organizations in need of security may use IEEE 802.1X authentication to regulate users' access to their network infrastructure. To enable this, client devices need to meet the supplicant definition in order to gain access. In businesses, for example, it is very common for employees to receive their new computer with all the necessary settings already configured for IEEE 802.1X authentication, in particular when connecting wirelessly to the network.


Access

For a supplicant-capable device to gain access to the secured resources on a network, some preconditions must be met and the network context must make this feasible. The network with which the supplicant needs to interact must have a RADIUS server (also known as an Authentication Server or an Authenticator), a Dynamic Host Configuration Protocol (DHCP) server if automatic IP address assignment is needed, and, in certain configurations, an Active Directory domain controller. The domain controller is particularly needed in Microsoft environments when using Microsoft's Internet Authentication Service (IAS) or Network Policy Server (NPS) software to provide RADIUS services from the Authentication Server.


Supplicant list

Supplicants include but are not limited to:
* Windows 2000/XP built in
** Windows 2000 Service Pack 4
** Windows XP Service Pack 2
* Mac OS X built in ("Internet Connect" utility)
** OS 10.3 or higher
* AnyConnect Network Access Manager
* Odyssey
* SecureW2
* wpa_supplicant
* Xsupplicant


Mechanism

A user needs to understand, and will more likely have to comply with the network administrator on, the use of a user name and password, or a Media Access Control (MAC) address, as the minimum required for account setup. On a Windows machine, taking Windows 8 as an example, the client is enabled to act as a supplicant by going to the Network Properties of the Network Interface Card (NIC) and, on the Authentication tab, checking "Enable IEEE 802.1X authentication". Similar steps need to be taken on other network devices that support IEEE 802.1X authentication. This is the single most important step a user needs to take for the network device to act as a supplicant.


Notes

Note that IAS was used up to Windows Server 2003; since then, it has been replaced by NPS on all subsequent Windows Server releases (2008, 2012, ...). IAS and NPS are not the only RADIUS servers; others include FreeRADIUS, Cisco Secure Access Control System (ACS) Server...



See also

* Supplicant


External links


* ESG Open 802.1x Supplicant initiative
* Understanding 802.1x authentication, on Microsoft
* What is 802.1x Security Authentication for Wireless Networks?, on Netgear
* Creating a secure 802.1x wireless infrastructure using Microsoft Windows, on Microsoft Technet