DSTU ISO/IEC/IEEE 8802-1X:2015 Information technology. Telecommunications and information exchange between systems. Local and metropolitan area networks. Part IX. Port-based network access control (ISO/IEC/IEEE...
DSTU ISO/IEC/IEEE 8802-1X:2015
(ISO/IEC/IEEE 8802-1X:2013, IDT)
Information technology. Telecommunications and information exchange between systems.
Local and metropolitan area networks. Part IX. Port-based network access control
This is not an official edition.
The official edition is distributed by the national standardization body
(SE "UkrNDNC" http://uas.gov.ua)
Contents
1. Overview
1.1 Scope
1.2 Purpose
1.3 Introduction
1.4 Provisions of this standard
2. Normative references
3. Definitions
4. Acronyms and abbreviations
5. Conformance
5.1 Requirements terminology
5.2 Protocol Implementation Conformance Statement
5.3 Conformant systems and system components
5.4 PAE requirements
5.5 PAE options
5.6 Supplicant requirements
5.7 Supplicant options
5.8 Authenticator requirements
5.9 Authenticator options
5.10 MKA requirements
5.11 MKA options
5.12 Virtual port requirements
5.13 Virtual port options
5.14 Announcement transmission requirements
5.15 Announcement transmission options
5.16 Announcement reception requirements
5.17 Announcement reception options
5.18 Requirements for SNMP access to the PAE MIB
5.19 Options for SNMP access to the PAE MIB
5.20 PAC requirements
5.21 System recommendations
5.22 Prohibitions
6. Principles of port-based network access control operation
6.1 Port-based network access control architecture
6.2 Key hierarchy
6.3 Port Access Entity (PAE)
6.4 Port Access Controller (PAC)
6.5 Link aggregation
6.6 Use of this standard by IEEE Std 802.11
7. Port-based network access control applications
7.1 Host access with physically secure LANs
7.2 Infrastructure support with physically secure LANs
7.3 Host access with MACsec and point-to-point LANs
7.4 Use with MACsec to support infrastructure LANs
7.5 Host access with MACsec and a multi-access LAN
7.6 Group host access with MACsec
7.7 Use with MACsec to support virtual shared media infrastructure LANs
8. Authentication using EAP
8.1 PACP Overview
8.2 Example EAP exchanges
8.3 PAE higher layer interface
8.4 PAE Client interface
8.5 EAPOL transmit and receive
8.6 Supplicant and Authenticator PAE timers
8.7 Supplicant PACP state machine, variables, and procedures
8.8 Supplicant PAE counters
8.9 Authenticator PACP state machine, variables, and procedures
8.10 Authenticator PAE counters
8.11 EAP methods
9. MACsec Key Agreement protocol (MKA)
9.1 Protocol design requirements
9.2 Protocol support requirements
9.3 MKA key hierarchy
9.4 MKA transport
9.5 Key server election
9.6 Use of MACsec
9.7 Cipher suite selection
9.8 SAK generation, distribution, and selection
9.9 SA assignment
9.10 SAK installation and use
9.11 Connectivity change detection
9.12 CA formation and group CAK distribution
9.13 Secure announcements
9.14 MKA participant creation and deletion
9.15 MKA participant timer values
9.16 MKA management
9.17 MKA SAK distribution examples
10. Network announcements
10.1 Announcement information
10.2 Making and requesting announcements
10.3 Receiving announcements
10.4 Managing announcements
11. EAPOL PDUs
11.1 EAPOL PDU transmission, addressing, and protocol identification
11.2 Representation and encoding of octets
11.3 Common EAPOL PDU structure
11.4 Validation of received EAPOL PDUs
11.5 EAPOL protocol version handling
11.6 EAPOL-Start
11.7 EAPOL-Logoff
11.8 EAPOL-EAP
11.9 EAPOL-Key
11.10 EAPOL-Encapsulated-ASF-Alert
11.11 EAPOL-MKA
11.12 EAPOL-Announcement
11.13 EAPOL-Announcement-Req
12. PAE operation
12.1 Model of operation
12.2 KaY interfaces
12.3 CP state machine interfaces
12.4 CP state machine
12.5 Logon Process
12.6 CAK cache
12.7 Virtual port creation and deletion
12.8 EAPOL Transmit and Receive Process
12.9 PAE management
13. PAE MIB
13.1 The Internet Standard Management Framework
13.2 Structure of the MIB
13.3 Relationship to other MIBs
13.4 Security considerations
13.5 Definitions for PAE MIB
Annex A (normative) PICS proforma
Annex B (informative) Bibliography
Annex C (normative) State diagram notation
Annex D (normative) Basic architectural concepts and terms
Annex E (informative) IEEE 802.1X EAP and RADIUS usage guidelines
Annex F (informative) Support for ‘Wake-on-LAN’ protocols
Annex G (informative) Unsecured multi-access LANs
Annex H (informative) Test vectors
Annex I (informative) IEEE list of participants