PNAC

PNAC (Port-Based Network Access Control) is a portable implementation of IEEE Std 802.1X port-based network access control.

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated. The authentication server authenticates each client connected to a port before making available any services offered by the device or the network.

Until the client is authenticated, IEEE 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
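
The pre-authentication filter described above, sketched in C as an added example (not code from the PNAC implementation). The names pnac_port_admits and port_state are hypothetical, the sample frames are constructed, and frames are assumed to be untagged.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_EAPOL 0x888E  /* EtherType assigned to IEEE 802.1X (EAPOL) */
enum port_state { PORT_UNAUTHORIZED = 0, PORT_AUTHORIZED = 1 };
/* Bridge group address used as the destination MAC of STP BPDUs. */
static const uint8_t STP_DMAC[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x00};

/* Untagged frame carrying the EAPOL EtherType at offset 12. */
static int is_eapol(const uint8_t *f, size_t len)
{
    return len >= 14 && (((unsigned)f[12] << 8) | f[13]) == ETHERTYPE_EAPOL;
}

/* 802.3 length-encoded frame to the bridge group address with LLC 42-42-03. */
static int is_stp_bpdu(const uint8_t *f, size_t len)
{
    if (len < 17 || memcmp(f, STP_DMAC, 6) != 0)
        return 0;
    if ((((unsigned)f[12] << 8) | f[13]) > 1500)  /* an EtherType, not a length */
        return 0;
    return f[14] == 0x42 && f[15] == 0x42 && f[16] == 0x03;
}

/* Hypothetical gate: returns 1 if the frame may pass the port, 0 if dropped. */
int pnac_port_admits(enum port_state st, const uint8_t *f, size_t len)
{
    if (f == NULL || len < 14)
        return 0;                 /* runt or missing frame: always dropped */
    if (st == PORT_AUTHORIZED)
        return 1;                 /* normal traffic passes after authentication */
    return is_eapol(f, len) || is_stp_bpdu(f, len);
}

/* Constructed sample frames: real header layout, payload bytes zeroed. */
static const uint8_t SAMPLE_EAPOL_START[18] = {
    0x01,0x80,0xC2,0x00,0x00,0x03, 0x02,0,0,0,0,0x01, 0x88,0x8E, 0x01,0x01,0,0};
static const uint8_t SAMPLE_BPDU[21] = {
    0x01,0x80,0xC2,0x00,0x00,0x00, 0x02,0,0,0,0,0x02, 0x00,0x07, 0x42,0x42,0x03, 0,0,0,0};
static const uint8_t SAMPLE_IPV4[18] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x02,0,0,0,0,0x01, 0x08,0x00, 0x45,0,0,0};

int main(void)
{
    printf("unauthorized port admits IPv4 frame: %d\n",
           pnac_port_admits(PORT_UNAUTHORIZED, SAMPLE_IPV4, sizeof SAMPLE_IPV4));
    return 0;
}
```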

When the command aaa authentication dot1x default is used to enable, for all ports, either dot1x local authentication or remote authentication based on a RADIUS server or TACACS+ server (the authentication server), the router initiates authentication. When the supplicant (the device that requests access to the LAN and the switch) supplies its identity, the router begins its role as the intermediary, passing EAP frames between the supplicant and the authentication server until authentication succeeds or fails.