What is 802.1X and how does it relate to data link layer security?

802.1X is a port-based approach to control access to a local network at the data link layer. A device must authenticate through a network switch or wireless access point (the authenticator) using credentials that are checked by an authentication server (typically via RADIUS). Only after successful authentication does the port switch to an authorized state and allow normal traffic to pass. This ensures that untrusted devices can’t even reach the network until they prove who they are, strengthening security at the entry point. After authentication, the device may obtain an IP address via DHCP or use a preconfigured IP, but the key security benefit is that access is blocked until authentication succeeds. It’s not about assigning IP addresses, tagging VLANs, or negotiating MTU.