Implementation of IEEE 802.1X Port-Based Authentication Mechanism For Ethernet

The document discusses implementing IEEE 802.1X port-based authentication for Ethernet networks to restrict unauthorized access. It describes using a Radius server for authentication and a Cisco switch as the authenticator. The implementation authenticates genuine users via Active Directory and tracks user activities through accounting on the server. It provides details on configuring the various components to set up and test the authentication mechanism before deployment on a live network.

Uploaded by

Suraj Kumar

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/329979388

Article · October 2018

DOI: 10.14445/22312803/IJCTT-V64P105


All content following this page was uploaded by Kakelli Anil Kumar on 17 April 2021.



International Journal of Computer Trends and Technology ( IJCTT ) – Volume 64 Number 1 – October 2018

Implementation of IEEE 802.1X Port-based Authentication Mechanism for Ethernet
Shaleen Kachhara#1, Dr. Kakelli Anil Kumar*2
# SCOPE, Vellore Institute of Technology, Vellore, Tamil Nadu, India
* Associate Professor, SCOPE, Vellore Institute of Technology, Vellore, Tamil Nadu, India

Abstract
We explored some mechanisms for securing corporate wired Ethernet, which are often more or less neglected. After a careful analysis of all possible solutions, we opted for the IEEE 802.1X port-based authentication mechanism. It uses a RADIUS server as the authentication server (on Windows Server 2012 R2) and a Cisco switch as the authenticator. The main purpose of implementing IEEE 802.1X is to restrict guest access to the LAN/wired network and authenticate only genuine users. Only the authenticated users have access to the network. The proposed mechanism monitors active users through centralized user access management using Microsoft Active Directory Services in Microsoft Server 2012 R2. The individual configurations of all the entities involved in the mechanism are discussed in detail to successfully deliver a pilot implementation of the protocol, wherein one could debug all the errors and later deploy the same on a live network. By configuring the accounting tab on the Server Manager we will be able to keep track of all the users'/employees' activities on the organization's network.

Keywords – Authentication, IEEE-802.1X, Radius server, switch, Network security.

ABBREVIATIONS:

EAP - Extensible Authentication Protocol
PEAP - Protected Extensible Authentication Protocol
EAPoL - Extensible Authentication Protocol over LAN
VPN - Virtual Private Network
NAT - Network Address Translation
IETF - Internet Engineering Task Force
RFC - Request for Comments
SSID - Service Set Identifier
DSL - Digital Subscriber Line
RADIUS - Remote Authentication Dial-In User Service

I. INTRODUCTION

In the world of information security, words like 'threat', 'vulnerability' or 'risk' mean anyone or anything that poses danger to the information, software or hardware, or in fact the users themselves. These threats, vulnerabilities or risks could come either from 'insiders' or from 'outsiders' who may not belong to the network [6]. In this era of technological advancement, more and more businesses are adopting newer technologies for multiple reasons, ranging from better customer services to better working conditions for their own employees. Newer vulnerabilities are being discovered daily, thereby making it more crucial for businesses to audit, map and understand their infrastructure in an increasingly secure and connected environment. Organizations need to be aware that cyber-criminal syndicates keep finding more sophisticated techniques to gain access to an organization's resources, mostly through their networks. Organizations today need a meticulous view of their network infrastructure covering hosts, VLANs, NAT, VPNs, routing protocols, network access rules, network components (current versions and updates), services running, and assets. Once this is done, security administrators could use this network map to figure out existing vulnerabilities and devise better security policies to counter them.

II. RELATED WORK

EAP [20], as described in RFC 3748, is mostly used between clients and switches. EAP operates over the data link layer, such as Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP. EAP supports multiple authentication methods such as EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and so on. The EAP packet has code, identifier, length, type and data, each of size 1 byte and variable [3, 8].

The EAPoL protocol is a port-based authentication protocol used for IEEE 802.1X (Port Based Network Access Control). Transportation of EAP packets between the client and the authenticator is taken care of by this protocol. Using EAPoL, an EAP authentication session can be started by either the client or the authenticator. The EAPoL frame format consists of MAC header, Ethernet type, version, packet type, packet body length, packet body and frame check sequence, with lengths of 12, 2, 1, 1, 2, variable and 4 bytes respectively. EAP packets are also carried over 802.11 by the EAPoL protocol, as defined by the Dot1x standard [8].
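The EAPoL frame layout described above, as a parser: this is an added example, not code from the paper. It decodes the Ethernet/EAPOL header and, for EAP-Packet frames, the EAP header in the RFC 3748 layout (code 1, identifier 1, length 2, type 1 byte). The MAC addresses and frames are constructed samples; the identity string is the paper's lab user.

```python
import struct

ETHERTYPE_EAPOL = 0x888E   # value carried in the 2-byte "Ethernet type" field
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_eap(body):
    """Decode an EAP packet: code(1) identifier(1) length(2) [type(1) data]."""
    if len(body) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError("EAP length field disagrees with the EAPOL body length")
    eap = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:          # only Request/Response carry a type
        eap["type"] = EAP_TYPES.get(body[4], f"unknown({body[4]})")
        eap["data"] = body[5:length]
    return eap


def parse_eapol(frame):
    """Decode MAC header (12), EtherType (2), version (1), type (1), body length (2)."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError(f"not EAPOL: EtherType 0x{ethertype:04x}")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]              # anything after this is padding
    if len(body) < body_len:
        raise ValueError("EAPOL body truncated")
    out = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "version": version,
           "packet_type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
           "body_len": body_len}
    if ptype == 0:
        out["eap"] = parse_eap(body)
    return out


def build_frame(dst, src, packet_type, body=b""):
    """Sample-data helper: header plus body, padded to 60 bytes (FCS not included)."""
    header = dst + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, packet_type, len(body))
    return (header + body).ljust(60, b"\x00")


# Constructed sample exchange; MAC addresses are made up for the example.
PAE_GROUP = bytes.fromhex("0180c2000003")       # 802.1X PAE group address
SUPPLICANT = bytes.fromhex("020000000a01")
SWITCH = bytes.fromhex("020000000b45")
IDENTITY = b"hzl\\shaleen"
SAMPLE_FRAMES = [
    build_frame(PAE_GROUP, SUPPLICANT, 1),                                 # EAPOL-Start
    build_frame(SUPPLICANT, SWITCH, 0, struct.pack("!BBHB", 1, 1, 5, 1)),  # Request/Identity
    build_frame(PAE_GROUP, SUPPLICANT, 0,                                  # Response/Identity
                struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY),
]

if __name__ == "__main__":
    for sample in SAMPLE_FRAMES:
        print(parse_eapol(sample))
```

The parser trusts the EAPOL body-length field over the captured frame length, so Ethernet padding is ignored and a length field that points past the end of the frame is rejected.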

ISSN: 2231 – 2803 http://www.ijcttjournal.org Page 17


RADIUS [22] is a client/server protocol which operates between the authentication server/RADIUS server and the switch. The RADIUS protocol helps in identifying users/clients based on their login credentials. Only upon successful authentication can the users/clients use the authorized resources. There are 3 key functions that uniquely define the RADIUS protocol, namely authentication, authorization, and accounting (AAA). The RADIUS packet format includes code, identifier, length, authenticator and attribute, of sizes 1 byte, 1 byte, 2 bytes, 16 bytes, and variable respectively.

A. Network Access Control
From startups to multinational organizations, all have network access controls to define or guide how network access is granted to their employees. The same network has to reach different employees with multiple access permissions that are just sufficient for their day-to-day jobs. There are now network access servers which help them in providing the necessary access authentication and authorization [6]. There are various automated tools available which help in realizing this strenuous job for network administrators. Technology giants like Cisco and IBM have developed solutions to counter the global problems of Network Access Controls.

B. Pilot Implementation
The approach should be to analyze possible vulnerabilities in the organization's network and find a solution that could be implemented in its network infrastructure. So the very first task towards a secured network environment is to get a clear understanding of all the network devices being deployed and their configuration, and to understand the importance and contribution of every individual component in attaining secure and feasible network access. It is required to first have a demo of the working of any such security measure before implementing it on the live network, as it runs the risk of affecting the regular functioning of the organization's employees. One could modify and revise the mechanism in the test environment itself so that it suits the company's network infrastructure and policies well, before deploying it on to the main network. Once the pilot implementation is successful, the same could be deployed on the company's network and monitored for proper functioning.

III. EXPLORING POSSIBLE SECURITY MEASURES FOR ETHERNET

Every organization has its unique network infrastructure with varied networking devices from varied vendors/companies, so there is no rock solid solution for network security. Some of these solutions are preliminary steps towards more secured environments while others ensure a great deal of security and auditing information of the users.

A. Physical Network Security
The physical security of the network and its devices is also very crucial to protect against local threats and social engineering attacks. A nearby script-kiddie or even a disgruntled employee can cause harm to the proper functioning of the network if strong physical security of your premises and network devices is not warranted. It is essential to guarantee that all the places where the network components are kept are physically secured from anyone without access rights, using smart doors and cabinet locks wherever necessary. All the cables must be well protected by a plastic case, and it must be ensured that they are not in easy range of anyone to play with, either out of curiosity or for malicious purposes. Ethernet ports which are not in present use must be disconnected to prevent unnecessary actions performed on them. But this would be just a preventive measure to limit the chances of attacks or breaches on your systems and nothing else.

B. Regularly Updated Network
The very first step is to have network auditing and mapping taken care of from time to time. Software or firmware updates for all network infrastructure components must be checked regularly. Default passwords and configurations must be changed at any cost prior to using any network component like a router or a switch, etc. Keep a tab on all the computers and devices connected to the network. Make sure the antivirus is up and running properly and is updated in a timely manner, and that more complex and secure passwords are used both by the admin consoles and the employees for better protection against brute force attacks. Hackers or cybercriminals will intend to exploit vulnerabilities in your operating system, software applications, web browsers, and browser plug-ins. Use updated software/hardware, as most of the renowned software such as the Microsoft Office suite, Adobe Acrobat and Reader etc. regularly fix security loopholes in their framework and ensure a safe working environment for their customers. But it would be a mistake to consider yourself secured by merely updating your devices on a regular basis. It's just a preventive measure towards safeguarding your systems from attacks.

C. Implement MAC Address Filtering
Generally, in the case of a wired network, it's just plug and play for network access, which poses a major security issue for wired networks. Compared to the WEP and then WPA/WPA2 standards in wireless networks, wired networks lack such well-defined security standards. MAC address filtering is basically allowing network access to devices whose MAC addresses are stored by the server. A table of MAC addresses of all the devices in the network perimeter is prepared and network access is granted only to those devices. Although it can be bypassed by a beginner level hacker by forging a legit MAC address, it could just serve as the first layer of security. It could help prevent an employee, a guest or an outsider from plugging into the private network directly. The administrators will also have more control over devices on the network. But don't let it give you a false sense of security, as a MAC address could be very easily forged by any determined hacker, and also be prepared to regularly update the MAC address list every now and then if you opt for MAC address filtering.

D. Network Traffic Encryption
If security requirements are significantly high, consider encrypting your entire network traffic. Remember that even with various security features in place, if your network traffic is not encrypted, it is very easy for an intermediate level hacker to just capture your traffic, which might have user accounts, passwords, and other sensitive information. There are many proprietary network encryption solutions available nowadays, many of which operate at the data link layer, instead of at the network layer like IPsec, to help reduce latency and overhead. But it runs the drawback of severe network lagging, hindering the day to day functioning of all your employees. Encrypting data is only advisable in case of very sensitive data to share across and if you could afford a dime to ensure its security.

IV. PROPOSED IEEE-802.1X PORT BASED AUTHENTICATION

Authentication, encryption and other such security standards are often ignored on wired networks due to the complexity involved. While wireless networks are often encrypted and authenticated, wired networks should also be paid equal attention. Although deploying 802.1X won't secure the LAN network completely, it would at least restrict malicious people's access to the network until they've authenticated themselves through their login credentials. To deploy 802.1X authentication, we first need a RADIUS server, commonly called the Authentication Server; it is the component that authorizes/denies network access to the users. On a Windows Server, the RADIUS server is pre-installed with the Network Policy Server (NPS) role; standalone RADIUS servers can also be considered. The IEEE 802.1X standard defines a client-server authentication and access control protocol that restricts unauthorized users from connecting to a network. The authentication server authenticates each client that requests network access [2]. Authentication, Authorization, and Accounting (AAA) is ensured majorly by these three important roles:

Client: The user device (workstation) that requests access to the LAN network and switch. Often regarded as the 'supplicant'. The client workstation must be configured with 802.1X-compliant client software. It is easily available in Windows operating systems.

Authentication server: The RADIUS server is the one which performs the actual authentication of the client. It validates the identity of the client through login information and notifies the switch whether or not the client is authorized to access the LAN and switch services [1]. The authentication data between the RADIUS server and its clients is exchanged securely.

Switch: The switch is often termed the authenticator and is basically a proxy between the RADIUS server (authentication server) and the client. On connecting to a switch port, it seeks login credentials from the client/user and then sends the data to the server for verification. After the server has successfully authenticated the particular client/user, network access is allowed on that port depending upon the access rights defined for that user by the admin.

Fig. 1 Functioning of IEEE 802.1x protocol

A. IEEE 802.1X
The following Cisco flowchart describes the whole scenario of authentication via 802.1X [7], as shown in figure 2.

Fig. 2 Flowchart of IEEE 802.1x protocol
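The relay step of the Switch role, using the RADIUS packet layout from Section II (code, identifier, length, 16-byte authenticator, attributes): this is an added example, not code from the paper. It wraps a supplicant's EAP-Response/Identity in an Access-Request and lets the server side check the Message-Authenticator with the shared secret; attribute numbers and the HMAC-MD5 rule follow RFC 2865 and RFC 3579. The switch address and secret are the lab values used later in Section V, while the packet identifier and request authenticator are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_NAS_IP, ATTR_NAS_PORT_TYPE = 1, 4, 61
ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTH = 79, 80
NAS_PORT_TYPE_ETHERNET = 15


def attr(atype, value):
    """One attribute: type(1) length(1) value; the length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value exceeds 253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def build_access_request(ident, request_auth, user, eap, nas_ip, secret):
    """What the authenticator (switch) sends on after the supplicant's EAP response."""
    attrs = attr(ATTR_USER_NAME, user)
    attrs += attr(ATTR_NAS_IP, ipaddress.IPv4Address(nas_ip).packed)
    attrs += attr(ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_ETHERNET))
    attrs += attr(ATTR_EAP_MESSAGE, eap)
    attrs += attr(ATTR_MESSAGE_AUTH, bytes(16))          # zeroed while the HMAC is taken
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth
    packet = bytearray(header + attrs)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def parse_packet(packet):
    """Split a RADIUS packet into header fields and (type, value, value_offset) tuples."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the received data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen], pos + 2))
        pos += alen
    return {"code": code, "id": ident, "length": length,
            "authenticator": packet[4:20], "attrs": attrs}


def verify_message_authenticator(packet, secret):
    """Server-side check: recompute the HMAC-MD5 with the attribute value zeroed."""
    parsed = parse_packet(packet)
    found = [(v, off) for t, v, off in parsed["attrs"] if t == ATTR_MESSAGE_AUTH]
    if len(found) != 1 or len(found[0][0]) != 16:
        return False
    received, offset = found[0]
    zeroed = bytearray(packet[:parsed["length"]])
    zeroed[offset:offset + 16] = bytes(16)
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


# Constructed sample: EAP-Response/Identity (code 2, id 1, type 1) for the lab user.
IDENTITY = b"hzl\\shaleen"
EAP_RESPONSE = struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY
REQUEST_AUTH = bytes(range(16))      # constructed; a real NAS uses 16 random bytes
SAMPLE = build_access_request(7, REQUEST_AUTH, IDENTITY, EAP_RESPONSE,
                              "192.168.100.15", b"secret")

if __name__ == "__main__":
    print(parse_packet(SAMPLE))
    print("valid with shared secret:", verify_message_authenticator(SAMPLE, b"secret"))
```

The shared secret is the only key in this check, which is why the lab value is not something to carry over to a live network.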

B. RADIUS and its Application in 802.1X
The RADIUS client is typically a NAS and the RADIUS server is usually a daemon process running on either a UNIX or a Windows NT machine [1, 2]. RADIUS servers receive a network access request, authenticate the user, and allow network access or other resources that are meant for that user, as defined in the security policies by the Admin. The RADIUS server and its clients share a secret key [15]. RADIUS is the "backend server" (Authentication Server) in nearly all 802.1X implementations. The client is referred to as "the supplicant" in EAP/802.1X terminology. Wired Ethernet switches typically implement the EAP-PEAP (Microsoft, password-based authentication), EAP-TTLS (vendor-neutral, password-based and/or client-certificate-based) and EAP-TLS (client-certificate-based) protocols [4]. For EAP/802.1X protocols, the NAS (a wired Ethernet switch) relays the EAP/802.1X messages between the wired client and the RADIUS server [16, 18]. The RADIUS server holds a database of users/clients containing their usernames and passwords as stored by the network manager, and also the policies that define network access based on the employee that is seeking network access. Numerous variations and customizations can be achieved with a RADIUS server and a Dot1x implementation; discussing them all is out of scope for the current report, but some of them are really useful and could be implemented with great ease.

C. IEEE 802.1x with Guest VLAN
For cases when the authentication fails for some reason or the other, or due to the EAP request frame or the EAPoL packets getting lost on the way, a guest VLAN is configured to provide restricted network access to the users.

D. IEEE 802.1x with Inaccessible Authentication Bypass
For all the cases where the switch fails to connect with the RADIUS server, the inaccessible authentication bypass feature is configured and the client is directed to a critical VLAN with restricted access rights [1].

E. IEEE 802.1x with MAC Authentication Bypass
For cases where the Dot1x enabled ports are connected to devices such as printers, IP telephones or some server etc., it is very important to deploy the MAC authentication bypass feature, as these devices cannot authenticate themselves. The MAB feature would allow bypassing for these devices based on their MAC addresses, which are stored in a separate table on the RADIUS server. Apart from those mentioned above, there are numerous other add-ons that could be incorporated with the implementation of this protocol, depending upon the organization's requirements.

V. IMPLEMENTATION OF 802.1X AUTHENTICATION

A. Requirements for Testing
The following are required for testing 802.1x in a safe "off the grid" network.
1) Windows Server 2012 R2 - Authentication Server
2) Cisco Catalyst 2960x-48ts-ll Switch - Authenticator
3) Windows 10 Test PC - user
4) Connecting RJ-45 cables.

B. Configuring the Windows Server by Server Manager
The following steps are a detailed guide to successfully deploying the 802.1X port authentication (server side).
1) Open Control Panel > Change Adapter Settings > Right click on Ethernet > Properties > IP Version 4 (TCP/IPV4) > Properties. Now, enter the IP address which is in the same group as your Cisco switch, i.e. 192.168.100.2, and the subnet mask as 255.255.255.0; the DNS server IP must also be the same as the IP.

Fig. 3 IP configuration of Windows server machine

2) Open Server Manager – Dashboard > Add roles and features > Install Active Directory Domain Services
3) Promote this Server to the Domain Controller and add the Domain name and other relevant details.
4) The Server System will reboot after this. Again open Server Manager > Add roles or feature > Add Active Directory Certificate Services. Similar steps would be followed. This would serve as the Active Directory Certificate Authority that would help in authenticating the users as they attempt to connect to the network.
5) Now again, open Server Manager > Add roles or feature > Add Network Policy and Access Services (NAP)

Similar steps would be followed. This is the place where all the policies, the RADIUS server and the RADIUS client would be configured.
6) Once all these are installed, open Server Manager > Tools > Active Directory Users and Computers > New Organizational Unit in the current container. Create a new organizational unit named dot1x. Now add a group in this unit called dot1xgroup. The intended users within this group will be granted access to the network.

Fig. 4 Creating group of genuine users

Consider a user Shaleen Kachhara with username: shaleen and password: hzl@123.
7) Right click on the NAP in Server Manager and open Network Policy Server. Firstly, register this server in the Active Directory by right clicking NPS (Local). Now, in the Standard Configuration dropdown, choose RADIUS Server for 802.1x Wireless or Wired Connections and then click on Configure 802.1X. Choose secured wired (Ethernet) connection and add the Cisco switch as a RADIUS client [9]. Also specify the IP address of our Cisco switch and a secret key, which is used again while configuring the Cisco switch. The IP address of the switch is: 192.168.100.15. The secret key is: secret. Now choose the Configuration Mode as Microsoft: Secured password (EAP-MSCHAP v2). Add as user group the group which was made earlier, called dot1xgroup. Now under Policies > Network Policies > Constraints > NAS Port Types > tick mark Ethernet. Now stop the NPS Service and then start it again, as shown in figure 5.

Fig. 5 Configuring Network Policy Server (NPS)

C. Configuring the Cisco Switch
PuTTY is used to reach the switch console; it can connect either through SSH or serial. For SSH, enter the IP address of the switch in the host name and click open, as shown in figure 6. Once the console is up, the switch can be configured using the following commands on the console. They implement the 802.1X authentication on port GigabitEthernet0/45, as this port will connect to the TEST PC [10, 13].

Fig. 6 Access to switch console using PuTTY

Commands

MySwitch> enable
MySwitch# configure terminal
MySwitch(config)# aaa new-model
MySwitch(config)# aaa authentication dot1x default group radius
MySwitch(config)# dot1x system-auth-control
MySwitch(config)# radius server RADIUSSERVER
MySwitch(config-radius-server)# address ipv4 192.168.100.2 auth-port 1812 acct-port 1813
MySwitch(config-radius-server)# key secret
MySwitch(config-radius-server)# exit
MySwitch(config)# interface GigabitEthernet0/45
MySwitch(config-if)# switchport mode access
MySwitch(config-if)# dot1x pae authenticator
MySwitch(config-if)# dot1x port-control auto
MySwitch(config-if)# exit
MySwitch(config)# end
MySwitch# exit

Since it is a pilot implementation, we focus only on port 45 to deploy Dot1x. Thus the configuration is only for port 45. Because of regular updates in Cisco IOS, some of the above mentioned commands may vary over time [10, 13]. Following is the text from the log file generated by saving the running configuration of the switch:

MySwitch# show running-config
interface GigabitEthernet0/45
switchport mode access
authentication host-mode multi-host
authentication order dot1x mab
authentication port-control auto
dot1x pae authenticator
ip address 192.168.100.15 255.255.255.0
radius server hzl
address ipv4 192.168.100.2 auth-port 1812 acct-port 1813
key secret

D. Configuring the Client Computer
Add the test PC to the server domain, i.e. hzl.com, and then sign in as the user that was added in Active Directory Users and Computers while configuring our server. This is the user who wishes to authenticate via the proposed 802.1X authentication protocol. As soon as the user connects the LAN cable to the system, an authentication dialogue box pops up and the user has to enter the username and password given by the administrator, who looks after the company's user accounts and authorizes the ones that should be granted access to the network.
1) Add the Test PC to the Server Domain, hzl.com in our case.
2) Add the system to the same IP pool as the server, i.e. 192.168.100.5, and put the preferred DNS server IP address as the IP address of the Server, i.e. 192.168.100.2.
3) Right click on My PC > Manage > Services and Applications > Services > Auto Wired Configuration > choose Startup Type as Automatic and start the Service. Click on Apply and OK.
4) Open Control Panel > Network and Sharing Center > Change Adapter Settings > Right click on Ethernet > Properties > choose the Authentication tab > tick mark Enable IEEE 802.1X Authentication. Choose the Network Authentication Method as Microsoft: Protected EAP (Extensible Authentication Protocol). Click on Configure and uncheck Automatically use Windows Login Name and Password while connecting. Go to Settings > uncheck all options. Select the Authentication Method as Microsoft: Secured password (EAP-MSCHAP v2). Click OK and open Additional Settings to specify the authentication mode as User authentication, and click on OK for the test setup.

Fig. 7 Configuring EAP

Fig. 8 Configuring advanced settings of IEEE 802.1X

VI. RESULTS AND CONCLUSION

After the successful configuration of all three, i.e. the Supplicant (client), the Authenticator (Switch), and the Authentication Server (Windows Server), the system is ready to test the Lab Setup.
1) Open Change Adapter Settings in Control Panel. The status will be network cable unplugged.
2) Connect the LAN cable now. The status will now change to Attempting to Authenticate and an Authentication Dialogue Box will pop up.

Fig. 9 Ethernet Connection status - Authenticating

3) Enter as follows and hit OK
Username: Domain name\username -- hzl/shaleen
Password: your password -- hzl@123
These are the credentials given to employees by the admin, which could later be changed and managed depending upon the policies that the admin sets.

4) The status will finally change from identifying network to connected to an unidentified network, which indicates that authentication succeeded and the client has joined the company's network. The NPS server allows us to monitor the events on the RADIUS server. From the server, the admin can monitor the login details of all the users (their IP address and other details) who attempt to log in to the company's network, through Event Viewer in Windows Server Manager.

Fig. 10 Event viewer - monitoring user activity

Also, an additional log file is generated for every single attempt to log in, which the admin can go through in case of any discrepancy in the company's network.

REFERENCES

[1] Cisco, "Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25)EW - Understanding and Configuring VLANs [Cisco Catalyst 4500 Series Switches] - Cisco," February 15, 2018, 2018.
[2] J. Loos and R. Caudle, "Implementing IEEE 802.1x for Wired Networks," SANS Reading Room, 2014.
[3] G. López, O. Cánovas, A. F. Gómez, J. D. Jiménez, and R. Marín, "A network access control approach based on the AAA architecture and authorization attributes," Journal of Network and Computer Applications, 2007.
[4] C. Rigney, A. Rubens, W. Simpson and S. Willens, "RFC 2865: Remote Authentication Dial In User Service (RADIUS)."
[5] I. Studnia, V. Nicomette, E. Alata, Y. Deswarte, M. Kaaniche, and Y. Laarouchi, "Survey on security threats and protection mechanisms in embedded automotive networks," in Proceedings of I. Conf. on Dependable Systems and Networks, 2013.
[6] K. Y. Park, Y. S. Kim, and J. Kim, "Security enhanced IEEE 802.1x authentication method for WLAN mobile router," Advanced Communication Technology (ICACT), 2012 14th International Conference on, 2012.
[7] K. W. Kim, Y. H. Han, and S. G. Min, "An Authentication and Key Management Mechanism for Resource Constrained Devices in IEEE 802.11-based IoT Access Networks," Sensors (Switzerland), 2017.
[8] A. E. Maslov, S. L. Katuntsev, and A. A. Maliavko, "Study and implementation of authentication mechanism by RADIUS-server in switches and routers using NETCONF protocol," in International Conference of Young Specialists on Micro/Nanotechnologies and Electron Devices, EDM, 2017.
[9] Y. Y. Lu, Y. Yang, Z. H. Yin, and B. C. Yu, The research and design of campus network security development on Cisco AAA certification. 2013.
[10] Cisco, "OpenFlow," in Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(5)E (Catalyst 2960-X Switches), 2017.
[11] D. Hannifin, N. J. Alpern, and J. Alpern, Microsoft Windows Server 2008 R2 Administrator's Reference. 2010.
[12] E. Vyncke and C. Paggen, LAN switch security: what hackers know about your switches. 2008.
[13] Y. Zou, J. Zhu, X. Wang, and V. C. M. Leung, "Improving physical-layer security in wireless communications using diversity techniques," IEEE Network, 2015.
[14] C. Rigney, "RFC 2866 - RADIUS Accounting," Network Working Group, 2000.
[15] K. Y. Park, Y. S. Kim, and J. Kim, "Security enhanced IEEE 802.1x authentication method for WLAN mobile router," Advanced Communication Technology (ICACT), 2012 14th International Conference, 2012.
[16] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz, "RFC 3748," Extensible Authentication Protocol (EAP), 2004.
[17] J. C. Chen and Y. P. Wang, "Extensible Authentication Protocol (EAP) and IEEE 802.1x: Tutorial and Empirical Experience," IEEE Communications Magazine, 2005.
[18] X. Huang, S. Wijesekera, and D. Sharma, "Secure communication in 802.11 networks with a novel protocol using quantum cryptography," in Proceedings 2010 4th International Conference on Network and System Security, NSS 2010, 2010.
[19] Md. Hashmathur Rehman, Dr. A. Govardhan, T. Venkat Narayana Rao, "Design and Implementation of RADIUS, An Network Security Protocol," Global Journal of Computer Science and Technology, page 48, vol. 10, issue 7, 2010.
[20] B. Shojaie, I. Saberi, and M. Salleh, "Enhancing EAP-TLS authentication protocol for IEEE 802.11i," Wireless Networks, 2017.
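A check of the Section V.C switch configuration, as an added example that is not part of the paper: it reads `show running-config` text in the device's own indentation and reports 802.1X gaps per access port and weak RADIUS shared secrets. The rule set, the `WEAK_KEYS` list and port GigabitEthernet0/46 in the sample are assumptions made for illustration; the other sample lines are taken from the paper's commands and running configuration.

```python
import re

WEAK_KEYS = {"secret", "cisco", "radius", "password", "testing123"}  # assumed word list
MIN_KEY_LEN = 16   # RFC 2865 prefers shared secrets of at least 16 octets

# Sample: the paper's lines laid out with IOS indentation, plus a constructed Gi0/46.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/45
 switchport mode access
 authentication host-mode multi-host
 authentication order dot1x mab
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet0/46
 switchport mode access
!
radius server hzl
 address ipv4 192.168.100.2 auth-port 1812 acct-port 1813
 key secret
"""


def parse_sections(text):
    """Return (global_lines, {section header: [sub-commands]})."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None
        elif line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        elif line.startswith(("interface ", "radius server ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, sections


def audit_port(port, cmds):
    if "switchport mode access" not in cmds:
        return []                                # only access ports face end devices
    if not any(re.fullmatch(r"(authentication|dot1x) port-control auto", c) for c in cmds):
        return [(port, "access port without 'port-control auto': plug-and-play access")]
    out = []
    if "dot1x pae authenticator" not in cmds:
        out.append((port, "'dot1x pae authenticator' missing"))
    if "authentication host-mode multi-host" in cmds:
        out.append((port, "multi-host mode: one authenticated device opens the port "
                          "for every other device attached behind it"))
    return out


def audit_radius(name, cmds):
    keys = [c.split(None, 1)[1] for c in cmds if c.startswith("key ")]
    if not keys:
        return [(name, "no shared secret configured")]
    out = []
    for key in keys:
        parts = key.split()
        if len(parts) == 2 and parts[0] == "7":
            continue                             # stored obfuscated, strength unknown
        value = parts[-1]
        if value.lower() in WEAK_KEYS or len(value) < MIN_KEY_LEN:
            out.append((name, f"weak shared secret ({len(value)} characters)"))
    return out


def audit(text):
    """Return a list of (scope, finding); an empty list means no rule fired."""
    global_lines, sections = parse_sections(text)
    findings = []
    for required in ("aaa new-model", "dot1x system-auth-control"):
        if required not in global_lines:
            findings.append(("global", f"'{required}' missing: 802.1X is not active"))
    for header, cmds in sections.items():
        if header.startswith("interface "):
            findings += audit_port(header.split(None, 1)[1], cmds)
        else:
            findings += audit_radius(header.split(None, 2)[2], cmds)
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

The flattened listing printed in Section V.C has lost its indentation, so it needs to be captured from the switch again before this check can attribute sub-commands to their interface.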
