HOME

TheInfoList



Click Here for Items Related To - Supplicant (computer)
OR:
Supplicant (computer) on:   [Wikipedia]   [Google]   [Amazon]

In
computer networking A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ma ...
, a supplicant is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an
authenticator An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. I ...
attached to the other end of that link. The
IEEE 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...
standard uses the term "supplicant" to refer either to hardware or to software. In practice, a supplicant is a
software application Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...
installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure
network Network, networking and networked may refer to: Science and technology * Network theory, the study of graphs as a representation of relations between discrete objects * Network science, an academic field that studies complex networks Mathematics ...
. If the authentication succeeds, the authenticator typically allows the computer to connect to the network. A supplicant, in some contexts, refers to a user or to a client in a network environment seeking to access network resources secured by the IEEE 802.1X authentication mechanism. But saying "user" or "client" over-generalizes; in reality, the interaction takes place through a
personal computer A personal computer (PC) is a multi-purpose microcomputer whose size, capabilities, and price make it feasible for individual use. Personal computers are intended to be operated directly by an end user, rather than by a computer expert or tec ...
, an
Internet protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP h ...
(IP) phone, or similar network device. Each of these must run supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association.


Overview

Businesses, campuses, governments and all other social entities across-the-board in need of security may resort to the use of
IEEE 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...
authentication to regulate users access to their corresponding network infrastructure. And to enable this, client devices need to meet supplicant definition in order to gain access. In businesses, for example, it is very common that employees will receive their new computer with all the necessary settings appropriately set for
IEEE 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...
authentication, in particular when connecting wirelessly to the network.


Access

For a supplicant capable device to gain access to the secured resources on a network, some preconditions should be observed and a context that will make this feasible. The network to which the supplicant needs to interact with must have a
RADIUS In classical geometry, a radius ( : radii) of a circle or sphere is any of the line segments from its center to its perimeter, and in more modern usage, it is also their length. The name comes from the latin ''radius'', meaning ray but also the ...
Server (also known as an Authentication Server or an
Authenticator An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. I ...
), a
Dynamic Host Configuration Protocol The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a cli ...
(DHCP) server if automatic
Internet protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP h ...
(IP) address assignment is needed, and in certain configurations, an
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
domain controller. The domain controller is particularly needed in Microsoft environments when using Microsoft's
Internet Authentication Service Internet Authentication Service (IAS) is a component of Windows Server operating systems that provides centralized user authentication, authorization and accounting. Overview While Routing and Remote Access Service (RRAS) security is sufficient ...
(IAS) or
Network Policy Server Network Policy and Access Services (NPAS) is a component of Windows Server 2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. NPAS helps you safeguard the health and security of a network. The NPAS server role inc ...
(NPS) software to provide RADIUS services from the Authentication Server.


Supplicant list

Supplicants include but are not limited to: * Windows 2000/XP built in **
Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RTM), releas ...
Service Pack 4 **
Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...
Service Pack 2 *
Mac OS X macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac (computer), Mac computers. Within the market of ...
built in (" Internet Connect" utility) ** OS 10.3 or higher *
AnyConnect Cisco Systems' products and services focus upon three market segments—enterprise and service provider, small business and the home. Corporate market "Corporate market" refers to enterprise networking and service providers. ;Enterprise network ...
Network Access Manager * Odyssey * SecureW2 *
wpa supplicant wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku. In addition to being a WPA3 and WPA2 s ...
*
Xsupplicant Xsupplicant is a supplicant that allows a workstation to authenticate with a RADIUS server using 802.1X and the Extensible Authentication Protocol (EAP). It can be used for computers with wired or wireless LAN connections to complete a strong aut ...


Mechanism

One aspect of reality a user needs to understand and, more likely comply with the network administrator is the use of user name and password, or a
Media Access Control In IEEE 802 LAN/MAN standards, the medium access control (MAC, also called media access control) sublayer is the layer that controls the hardware responsible for interaction with the wired, optical or wireless transmission medium. The MAC sublay ...
(MAC) Address as the minimum that will be required for account setup. On a Windows machine, taking an example of
Windows 8 Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for downl ...
, one should make sure to enable one's client to act as a supplicant by going to the Network Properties of the
Network Interface Card A network interface controller (NIC, also known as a network interface card, network adapter, LAN adapter or physical network interface, and by similar terms) is a computer hardware component that connects a computer to a computer network. Ear ...
(NIC), and from the Authentication tab, "Enable IEEE 802.1X authentication" need to be checked. Similar steps need to be taken on other network devices that provide support for
IEEE 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...
authentication. This is the most important single step a user will need to make in order for one's network device to act as a supplicant.


Notes

Note that IAS was being used up to
Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...
; since then, it has been replaced by NPS on all subsequent Windows Server releases (
2008 File:2008 Events Collage.png, From left, clockwise: Lehman Brothers went bankrupt following the Subprime mortgage crisis; Cyclone Nargis killed more than 138,000 in Myanmar; A scene from the opening ceremony of the 2008 Summer Olympics in Beijing; ...
,
2012 File:2012 Events Collage V3.png, From left, clockwise: The passenger cruise ship Costa Concordia lies capsized after the Costa Concordia disaster; Damage to Casino Pier in Seaside Heights, New Jersey as a result of Hurricane Sandy; People gather ...
...). IAS and NPS are not the only RADIUS Servers, some other include:
FreeRADIUS FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client l ...
, Cisco Secure Access Control System (ACS) Server...


References

{{Reflist


See also

* Supplicant


External links


ESG Open 802.1x Supplicant initiative

Understanding 802.1x authentication
on Microsoft

on Cisco
What is 802.1x Security Authentication for Wireless Networks?
on Netgear
Creating a secure 802.1x wireless infrastructure using Microsoft Windows
on Microsoft Technet

on SecureW2 IEEE 802