Supplicant (computer)

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The supplicant is an entity at one end of a point-to-point LAN segment that seeks to be authenticated by an authenticator attached to the other end of that link. As used in the IEEE 802.1X standard, a supplicant can be either hardware or software. In practice, a supplicant is a software application installed on an end-user's computer. The user invokes the supplicant and submits credentials to connect the computer to a secure network. If the authentication is successful, the authenticator typically allows the computer to connect to the network.

A supplicant, in some sense, refers to a user or a client in a network environment seeking to access network resources secured by IEEE 802.1X authentication mechanism. By saying user or client is a bit of oversimplification; in reality, the interaction is through a personal computer, an Internet protocol (IP) phone, or similar network device. All these must be equipped with a supplicant software that initiates or reacts to IEEE 802.1X authentication requests for association. Odyssey Access Client from Juniper Networks [1] is a perfect example of a IEEE 802.1X authentication software that can be installed on a personal computer, and therefore enabling it to act as a supplicant.[2]

Overview[edit]

Businesses, campuses, governments and all other social entities across-the-board in need of security may resort to the use of IEEE 802.1X authentication to regulate users access to the network infrastructure. And to enable this, client devices need to meet supplicant definition in order for it to gain access. In Businesses for example, it is very common that an employee will receive his new computer with all the necessary settings appropriately set for IEEE 802.1X authentication.

Access[edit]

For a supplicant capable device to gain access to the secured resources on a network,some preconditions need to be observed and a context that will make this feasible. The network to which the supplicant need to interact with must have a RADIUS Server also known as Authentication Server, an Authenticator and optionally a Dynamic Host Configuration Protocol (DHCP) server if automatic Internet protocol (IP) address assignment is sought after, and in certain configurations, an active directory domain controller. This is particularly true in Microsoft environment especially when using Internet Authentication Service (IAS) or Network Policy Server (NPS) as the software running on the Authentication Server.

Supplicant list[edit]

Supplicants include:

Mechanism[edit]

One aspect of reality that a user needs to understand and, more likely comply with the network administrator is the use of user name and password, or a Media Access Control (MAC) Address as the minimum that will be required for account setup.

On a windows machine, taking an example of Windows 8, one should make sure to enable his client to act as a supplicant by going to the Network Properties of the Network Interface Card (NIC), and from the Authentication tab, "Enable IEEE 802.1X authentication" need to be checked. Similar steps need to be taken on other network devices that provide support for IEEE 802.1X authentication. This is the most important single step a user will need to make in order for his network device to act as a supplicant.

Notes[edit]

Note that IAS was being used up to Windows 2003, since then, it has been replaced by NPS on all subsequent Windows Server releases (Windows 2008, Windows 2012...). IAS and NPS are not the only RADIUS Servers, some other include: FreeRadius, Cisco Secure Access Control System (ACS) Server...

References[edit]

  1. ^ "Odyssey Access Client (OAC)". Retrieved October 24, 2014. 
  2. ^ "Understanding 802.1x authentication". Retrieved October 23, 2014. 

External links[edit]