X-Calibur 802.1X port-security (617)
X-Calibur is an 802.1X port-security framework for wired/wireless switches, with support for multiple EAP (Extensible Authentication Protocol) types and supplicant/authenticator PAEs (Port Access Entities). It is a member of the Switchcraft family of layer 2 protocol products offered by TeamF1. X-Calibur is ideally suited for networked embedded devices that require membership in authenticated Ethernet networks and wireless (WLAN) networks
- Supplicant and Authenticator PAE
- Implements IEEE 802.1X PNAC
- Provides APIs for any EAP implementation
- Works with wired (Ethernet) and wireless (WLAN/802.11) networks
- 802.1X MIB Support
- Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale
- Royalty-free, full source distribution for VxWorks and Linux
- Merlink: Link Aggregation, Fail-over, Load-Balancing, LACP, 802.3ad
- Spantasmic: STP, RSTP, and MST (802.1d, w, s)
- AuthAgent Kerberos: Embedded Kerberos Agent
- SSLimSecure SSL: Secure Sockets & TLS
X-Calibur is a standards-based, small-footprint implementation of the Port-based Network Access Control (IEEE 802.1X PNAC) protocol for VxWorks and embedded variants of Linux. It adds access authentication services to a supplicant or an authenticator in any scenario where one can abstract out the notion of a "network access port", which makes it an excellent fit for authenticated Ethernet networks and wireless (WLAN) networks. It also provides a well-structured API to communicate with an authentication server on any platform, based on Extensible Authentication Protocol (EAP). X-Calibur is a robust and highly configurable design making it an ideal fit for resource-limited embedded environments.
The X-Calibur Port-based Network Access Control (PNAC) implementation is based on the IEEE 802.1X standard. It authenticates devices and users connected to a LAN on a per-port basis, so that access is restricted to authorized entities.
The X-Calibur 802.1X framework is based on the IETF Extensible Authentication Protocol over LAN (EAPoL) messages. 802.1X defines an authentication dialog between the system needing network services and the network. It establishes an identity in order to gain authorized access by binding a name to something known, such as a MAC address, and then using that name in all future interactions. 802.1X requires entities to play three roles in the authentication process:
- the device seeking network access i.e. the client to be authenticated ("Supplicant"),
- the server performing the authentication ("Authentication Server" or "AS"),
- and the device responsible for granting access based on authorization from the AS ("Authenticator").
The Supplicant and Authenticator coordinate with each other by using PAE controlling logic.
While 802.1X provides an interoperable authentication PDU (Protocol Data Unit) transport, it does not define the authentication mechanism. X-Calibur allows the use of a number of EAPoL based authentication protocols such as passwords, EAP-TLS (EAP over Transport Layer Security), EAP-TTLS (EAP over Tunneled TLS), EAP-Kerberos, PEAP (Protected EAP), onetime passwords, etc. These protocols can be deployed over X-Calibur using built-in APIs that allow the Supplicant or Authenticator to easily implement EAPoL interfaces to standard servers (e.g. RADIUS Authentication Servers) for packaging EAP messages in link-layer frames.
The WPA (Wi-Fi Protected Access) industry standard and the upcoming 802.11i standards specify the use of 802.1X for station authentication. In WLAN infrastructure mode, X-Calibur can provide the Supplicant PAE functionality for stations as well as an Authenticator PAE implementation for access points.
X-Calibur, like other members of the Switchcraft family, is designed for commercial real-time and embedded operating systems. TeamF1 offers optimized versions for VxWorks as a drop-in component with support for standard END (Enhanced Network Driver) devices and the ability to have the aggregation framework appear as an END device. X-Calibur has also been optimized for Linux kernels 2.4 and 2.6. X-Calibur supports a variety of switch fabric chipsets and provides a standard reference implementation to include a custom switch chip. It enables highly sophisticated management of link aggregation groups in networked embedded systems with the fewest changes to the application and driver code.
If you are interested in more information on how Wind River partners with this company, click here.