{"id":34312,"date":"2025-10-17T11:36:58","date_gmt":"2025-10-17T04:36:58","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=34312"},"modified":"2025-10-17T11:36:58","modified_gmt":"2025-10-17T04:36:58","slug":"802-1x-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/","title":{"rendered":"802.1X l\u00e0 g\u00ec? A-Z v\u1ec1 giao th\u1ee9c Chu\u1ea9n ki\u1ec3m so\u00e1t truy c\u1eadp m\u1ea1ng"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#8021X-la-gi\" >802.1X l\u00e0 g\u00ec?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Cac-loi-ich-chinh-cua-8021X-trong-bao-mat-mang\" >C\u00e1c l\u1ee3i \u00edch ch\u00ednh c\u1ee7a 802.1X trong b\u1ea3o m\u1eadt m\u1ea1ng<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Tang-cuong-bao-mat-truy-cap-mang\" >T\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt truy c\u1eadp m\u1ea1ng<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Quan-ly-truy-cap-tap-trung\" >Qu\u1ea3n l\u00fd truy c\u1eadp t\u1eadp trung<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Bao-ve-du-lieu-truyen-tai\" >B\u1ea3o v\u1ec7 d\u1eef li\u1ec7u truy\u1ec1n t\u1ea3i<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Giam-thieu-rui-ro-an-ninh\" >Gi\u1ea3m thi\u1ec3u r\u1ee7i ro an ninh<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Linh-hoat-va-tuong-thich-cao\" >Linh ho\u1ea1t v\u00e0 t\u01b0\u01a1ng th\u00edch cao<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Cac-thanh-phan-chinh-trong-mo-hinh-8021X\" >C\u00e1c th\u00e0nh ph\u1ea7n ch\u00ednh trong m\u00f4 h\u00ecnh 802.1X<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Supplicant-Nguoi-yeu-cau\" >Supplicant (Ng\u01b0\u1eddi y\u00eau c\u1ea7u)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Authenticator-Bo-xac-thuc\" >Authenticator (B\u1ed9 x\u00e1c th\u1ef1c)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Authentication-Server-May-chu-Xac-thuc\" >Authentication Server (M\u00e1y ch\u1ee7 X\u00e1c th\u1ef1c)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Quy-trinh-hoat-dong-cua-giao-thuc-xac-thuc-8021X\" >Quy tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao th\u1ee9c x\u00e1c th\u1ef1c 802.1X<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Buoc-1-Phat-hien-va-Khoi-tao-EAPOL-Start\" >B\u01b0\u1edbc 1: Ph\u00e1t hi\u1ec7n v\u00e0 Kh\u1edfi t\u1ea1o (EAPOL Start)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Buoc-2-Yeu-cau-Danh-tinh-EAP-RequestIdentity\" >B\u01b0\u1edbc 2: Y\u00eau c\u1ea7u Danh t\u00ednh (EAP-Request\/Identity)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Buoc-3-Phan-hoi-Danh-tinh-EAP-ResponseIdentity\" >B\u01b0\u1edbc 3: Ph\u1ea3n h\u1ed3i Danh t\u00ednh (EAP-Response\/Identity)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Buoc-4-Trao-doi-EAP-va-Xac-minh-EAP-Exchange\" >B\u01b0\u1edbc 4: Trao \u0111\u1ed5i EAP v\u00e0 X\u00e1c minh (EAP Exchange)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Buoc-5-Phan-hoi-Cuoi-cung-Access-Accept-hoac-Access-Reject\" >B\u01b0\u1edbc 5: Ph\u1ea3n h\u1ed3i Cu\u1ed1i c\u00f9ng (Access-Accept ho\u1eb7c Access-Reject)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Ket-noi-va-quan-he-cua-8021X-voi-giao-thuc-RADIUS\" >K\u1ebft n\u1ed1i v\u00e0 quan h\u1ec7 c\u1ee7a 802.1X v\u1edbi giao th\u1ee9c RADIUS<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#RADIUS-cung-cap-dich-vu-AAA\" >RADIUS cung c\u1ea5p d\u1ecbch v\u1ee5 AAA<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Moi-quan-he-trong-8021X\" >M\u1ed1i quan h\u1ec7 trong 802.1X<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Ung-dung-thuc-tien-cua-8021X-tren-mang-co-day-va-khong-day\" >\u1ee8ng d\u1ee5ng th\u1ef1c ti\u1ec5n c\u1ee7a 802.1X tr\u00ean m\u1ea1ng c\u00f3 d\u00e2y v\u00e0 kh\u00f4ng d\u00e2y<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Ung-dung-tren-mang-co-day-LAN\" >\u1ee8ng d\u1ee5ng tr\u00ean m\u1ea1ng c\u00f3 d\u00e2y (LAN)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Ung-dung-tren-mang-khong-day-WLAN\" >\u1ee8ng d\u1ee5ng tr\u00ean m\u1ea1ng kh\u00f4ng d\u00e2y (WLAN)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Loi-ich-thuc-tien\" >L\u1ee3i \u00edch th\u1ef1c ti\u1ec5n<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Phan-nhom-nguoi-dung-voi-VLAN-sau-xac-thuc-cua-8021X\" >Ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng v\u1edbi VLAN sau x\u00e1c th\u1ef1c c\u1ee7a 802.1X<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Dynamic-VLAN-Assignment-la-gi\" >Dynamic VLAN Assignment l\u00e0 g\u00ec?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Case-Study-Chinh-sach-theo-vai-tro\" >Case Study: Ch\u00ednh s\u00e1ch theo vai tr\u00f2<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Cac-rui-ro-bao-mat-8021X-va-giai-phap-phong-ngua\" >C\u00e1c r\u1ee7i ro b\u1ea3o m\u1eadt 802.1X v\u00e0 gi\u1ea3i ph\u00e1p ph\u00f2ng ng\u1eeba<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Rui-ro-tu-cac-phuong-thuc-EAP-kem-bao-mat\" >R\u1ee7i ro t\u1eeb c\u00e1c ph\u01b0\u01a1ng th\u1ee9c EAP k\u00e9m b\u1ea3o m\u1eadt<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Tan-cong-Gia-mao-May-chu-RADIUS-Man-in-the-Middle\" >T\u1ea5n c\u00f4ng Gi\u1ea3 m\u1ea1o M\u00e1y ch\u1ee7 RADIUS (Man-in-the-Middle)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Van-de-Chia-se-Tai-khoan\" >V\u1ea5n \u0111\u1ec1 Chia s\u1ebb T\u00e0i kho\u1ea3n<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Van-de-MAB-va-Thiet-bi-IoT\" >V\u1ea5n \u0111\u1ec1 MAB v\u00e0 Thi\u1ebft b\u1ecb IoT<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Xu-ly-loi-thuong-gap-luu-y-khi-van-hanh-giao-thuc-8021X\" >X\u1eed l\u00fd l\u1ed7i th\u01b0\u1eddng g\u1eb7p, l\u01b0u \u00fd khi v\u1eadn h\u00e0nh giao th\u1ee9c 802.1X<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Loi-1-Supplicant-khong-phan-hoi-No-EAPOL-Start\" >L\u1ed7i 1: Supplicant kh\u00f4ng ph\u1ea3n h\u1ed3i (No EAPOL-Start)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Loi-2-Authentication-Rejected-Access-Reject\" >L\u1ed7i 2: Authentication Rejected (Access-Reject)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Loi-3-Van-de-ket-noi-giua-Authenticator-va-RADIUS-Server\" >L\u1ed7i 3: V\u1ea5n \u0111\u1ec1 k\u1ebft n\u1ed1i gi\u1eefa Authenticator v\u00e0 RADIUS Server<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-37\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Luu-y-quan-trong-khi-van-hanh-8021X\" >L\u01b0u \u00fd quan tr\u1ecdng khi v\u1eadn h\u00e0nh 802.1X<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-38\" href=\"https:\/\/interdata.vn\/blog\/802-1x-la-gi\/#Tong-ket\" >T\u1ed5ng k\u1ebft<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>802.1X<\/strong> l\u00e0 ti\u00eau chu\u1ea9n b\u1ea3o m\u1eadt c\u1ee7a IEEE cho ph\u00e9p ki\u1ec3m so\u00e1t truy c\u1eadp m\u1ea1ng d\u1ef1a tr\u00ean danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c thi\u1ebft b\u1ecb. B\u00e0i vi\u1ebft n\u00e0y InterData s\u1ebd gi\u00fap b\u1ea1n hi\u1ec3u r\u00f5 <strong>giao th\u1ee9c 802.1X l\u00e0 g\u00ec<\/strong>, c\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ti\u00eau chu\u1ea9n x\u00e1c th\u1ef1c 802.1X, vai tr\u00f2 c\u1ee7a c\u00e1c th\u00e0nh ph\u1ea7n Supplicant \u2013 Authenticator \u2013 Server trong m\u00f4 h\u00ecnh, c\u0169ng nh\u01b0 l\u1ee3i \u00edch, \u1ee9ng d\u1ee5ng v\u00e0 c\u00e1c r\u1ee7i ro c\u1ea7n l\u01b0u \u00fd khi tri\u1ec3n khai 802.1X trong h\u1ec7 th\u1ed1ng m\u1ea1ng doanh nghi\u1ec7p.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"8021X-la-gi\"><\/span>802.1X l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>802.1X<\/strong> l\u00e0 m\u1ed9t ti\u00eau chu\u1ea9n c\u1ee7a IEEE d\u00f9ng \u0111\u1ec3 ki\u1ec3m so\u00e1t truy c\u1eadp m\u1ea1ng d\u1ef1a tr\u00ean c\u1ed5ng (port-based network access control), cho ph\u00e9p x\u00e1c th\u1ef1c thi\u1ebft b\u1ecb ho\u1eb7c ng\u01b0\u1eddi d\u00f9ng tr\u01b0\u1edbc khi c\u1ea5p quy\u1ec1n truy c\u1eadp v\u00e0o m\u1ea1ng LAN ho\u1eb7c WLAN.<\/p>\n<p>Giao th\u1ee9c 802.1X s\u1eed d\u1ee5ng c\u00e1c th\u00e0nh ph\u1ea7n ch\u00ednh g\u1ed3m Supplicant (thi\u1ebft b\u1ecb truy c\u1eadp), Authenticator (switch ho\u1eb7c access point), v\u00e0 Authentication Server (th\u01b0\u1eddng l\u00e0 m\u00e1y ch\u1ee7 RADIUS) \u0111\u1ec3 th\u1ef1c hi\u1ec7n qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c th\u00f4ng qua giao th\u1ee9c EAP.<\/p>\n<p>N\u1ebfu x\u00e1c th\u1ef1c th\u00e0nh c\u00f4ng, thi\u1ebft b\u1ecb s\u1ebd \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp m\u1ea1ng; n\u1ebfu th\u1ea5t b\u1ea1i, truy c\u1eadp s\u1ebd b\u1ecb t\u1eeb ch\u1ed1i ho\u1eb7c c\u00e1ch ly. 802.1X gi\u00fap t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt b\u1eb1ng c\u00e1ch \u0111\u1ea3m b\u1ea3o ch\u1ec9 nh\u1eefng thi\u1ebft b\u1ecb v\u00e0 ng\u01b0\u1eddi d\u00f9ng h\u1ee3p l\u1ec7 m\u1edbi \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng m\u1ea1ng.<\/p>\n<figure id=\"attachment_34362\" aria-describedby=\"caption-attachment-34362\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34362\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/802-1X-la-gi.jpg\" alt=\"802-1X l\u00e0 g\u00ec\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/802-1X-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/802-1X-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/802-1X-la-gi-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34362\" class=\"wp-caption-text\">802-1X l\u00e0 g\u00ec?<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Cac-loi-ich-chinh-cua-8021X-trong-bao-mat-mang\"><\/span>C\u00e1c l\u1ee3i \u00edch ch\u00ednh c\u1ee7a 802.1X trong b\u1ea3o m\u1eadt m\u1ea1ng<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>C\u00e1c l\u1ee3i \u00edch ch\u00ednh c\u1ee7a giao th\u1ee9c x\u00e1c th\u1ef1c 802.1X trong b\u1ea3o m\u1eadt m\u1ea1ng bao g\u1ed3m:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tang-cuong-bao-mat-truy-cap-mang\"><\/span>T\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt truy c\u1eadp m\u1ea1ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>802.1X \u0111\u1ea3m b\u1ea3o r\u1eb1ng ch\u1ec9 c\u00e1c thi\u1ebft b\u1ecb ho\u1eb7c ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c h\u1ee3p l\u1ec7 m\u1edbi \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp v\u00e0o m\u1ea1ng, v\u1edbi ph\u01b0\u01a1ng ph\u00e1p x\u00e1c th\u1ef1c d\u1ef1a tr\u00ean ch\u1ee9ng th\u1ef1c ng\u01b0\u1eddi d\u00f9ng (username\/password, ch\u1ee9ng ch\u1ec9 s\u1ed1, OTP&#8230;), ng\u0103n ch\u1eb7n truy c\u1eadp tr\u00e1i ph\u00e9p hi\u1ec7u qu\u1ea3, \u0111\u1eb7c bi\u1ec7t h\u1eefu \u00edch trong m\u00f4i tr\u01b0\u1eddng m\u1ea1ng c\u00f3 d\u00e2y v\u00e0 kh\u00f4ng d\u00e2y, v\u00e0 c\u00e1c thi\u1ebft b\u1ecb BYOD (Bring Your Own Device).\u200b<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-ly-truy-cap-tap-trung\"><\/span>Qu\u1ea3n l\u00fd truy c\u1eadp t\u1eadp trung<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>K\u1ebft h\u1ee3p v\u1edbi m\u00e1y ch\u1ee7 RADIUS, 802.1X cho ph\u00e9p qu\u1ea3n tr\u1ecb vi\u00ean t\u1eadp trung ki\u1ec3m so\u00e1t, ph\u00e2n quy\u1ec1n v\u00e0 ghi nh\u1eadn l\u1ecbch s\u1eed truy c\u1eadp c\u1ee7a t\u1eebng thi\u1ebft b\u1ecb ho\u1eb7c ng\u01b0\u1eddi d\u00f9ng, gi\u00fap theo d\u00f5i chi ti\u1ebft v\u00e0 x\u1eed l\u00fd s\u1ef1 c\u1ed1 nhanh ch\u00f3ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bao-ve-du-lieu-truyen-tai\"><\/span>B\u1ea3o v\u1ec7 d\u1eef li\u1ec7u truy\u1ec1n t\u1ea3i<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Khi k\u1ebft n\u1ed1i \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c, giao th\u1ee9c c\u00f3 th\u1ec3 t\u1ea1o ra c\u00e1c kh\u00f3a m\u00e3 h\u00f3a c\u00e1 nh\u00e2n cho t\u1eebng phi\u00ean truy c\u1eadp, b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u kh\u1ecfi b\u1ecb nghe l\u00e9n, t\u1ea5n c\u00f4ng \u0111\u00e1nh c\u1eafp th\u00f4ng tin, ngay c\u1ea3 khi \u0111\u00e3 x\u00e2m nh\u1eadp \u0111\u01b0\u1ee3c v\u00e0o m\u1ea1ng c\u1ee5c b\u1ed9.\u200b<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giam-thieu-rui-ro-an-ninh\"><\/span>Gi\u1ea3m thi\u1ec3u r\u1ee7i ro an ninh<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Gi\u00fap ph\u00f2ng tr\u00e1nh c\u00e1c nguy c\u01a1 t\u1ea5n c\u00f4ng m\u1ea1ng, nh\u01b0 t\u1ea5n c\u00f4ng gi\u1ea3 m\u1ea1o \u0111i\u1ec3m truy c\u1eadp (rogue AP), truy c\u1eadp m\u1ea1ng tr\u00e1i ph\u00e9p qua c\u1ed5ng v\u1eadt l\u00fd, v\u00e0 l\u00e2y lan m\u00e3 \u0111\u1ed9c trong h\u1ec7 th\u1ed1ng m\u1ea1ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Linh-hoat-va-tuong-thich-cao\"><\/span>Linh ho\u1ea1t v\u00e0 t\u01b0\u01a1ng th\u00edch cao<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>802.1X ho\u1ea1t \u0111\u1ed9ng \u1edf t\u1ea7ng li\u00ean k\u1ebft d\u1eef li\u1ec7u (Layer 2) n\u00ean c\u00f3 th\u1ec3 \u00e1p d\u1ee5ng cho nhi\u1ec1u lo\u1ea1i m\u1ea1ng, t\u1eeb m\u1ea1ng LAN c\u00f3 d\u00e2y, m\u1ea1ng WLAN, \u0111\u1ebfn c\u00e1c m\u00f4i tr\u01b0\u1eddng doanh nghi\u1ec7p ph\u1ee9c t\u1ea1p v\u1edbi kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng cao.<\/p>\n<p>T\u1ea5t c\u1ea3 c\u00e1c l\u1ee3i \u00edch n\u00e0y l\u00e0m cho 802.1X tr\u1edf th\u00e0nh m\u1ed9t chu\u1ea9n quan tr\u1ecdng, kh\u00f4ng th\u1ec3 thi\u1ebfu trong vi\u1ec7c x\u00e2y d\u1ef1ng h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt m\u1ea1ng hi\u1ec7n \u0111\u1ea1i, an to\u00e0n v\u00e0 hi\u1ec7u qu\u1ea3.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-thanh-phan-chinh-trong-mo-hinh-8021X\"><\/span>C\u00e1c th\u00e0nh ph\u1ea7n ch\u00ednh trong m\u00f4 h\u00ecnh 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0110\u1ec3 hi\u1ec3u r\u00f5 c\u00e1ch th\u1ee9c ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao th\u1ee9c <strong>802.1X<\/strong>, ch\u00fang ta c\u1ea7n n\u1eafm v\u1eefng ba th\u00e0nh ph\u1ea7n ch\u00ednh t\u01b0\u01a1ng t\u00e1c v\u1edbi nhau trong qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c. M\u1ed1i quan h\u1ec7 gi\u1eefa ba th\u00e0nh ph\u1ea7n n\u00e0y l\u00e0 n\u1ec1n t\u1ea3ng c\u1ee7a to\u00e0n b\u1ed9 ti\u00eau chu\u1ea9n <strong>802.1X.<\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Supplicant-Nguoi-yeu-cau\"><\/span>Supplicant (Ng\u01b0\u1eddi y\u00eau c\u1ea7u)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Supplicant l\u00e0 g\u00ec?<\/strong> \u0110\u00e2y l\u00e0 th\u1ef1c th\u1ec3 y\u00eau c\u1ea7u truy c\u1eadp m\u1ea1ng. V\u1ec1 m\u1eb7t v\u1eadt l\u00fd, \u0111\u00f3 l\u00e0 m\u1ed9t thi\u1ebft b\u1ecb \u0111\u1ea7u cu\u1ed1i nh\u01b0 m\u00e1y t\u00ednh x\u00e1ch tay, m\u00e1y ch\u1ee7, \u0111i\u1ec7n tho\u1ea1i th\u00f4ng minh, ho\u1eb7c m\u00e1y in.<\/p>\n<ul>\n<li><strong>Ch\u1ee9c n\u0103ng:<\/strong> Ch\u1ea1y ph\u1ea7n m\u1ec1m <strong>802.1X client<\/strong> (c\u00f3 th\u1ec3 l\u00e0 \u1ee9ng d\u1ee5ng t\u00edch h\u1ee3p s\u1eb5n c\u1ee7a h\u1ec7 \u0111i\u1ec1u h\u00e0nh nh\u01b0 Windows, macOS ho\u1eb7c ph\u1ea7n m\u1ec1m c\u1ee7a b\u00ean th\u1ee9 ba) \u0111\u1ec3 cung c\u1ea5p th\u00f4ng tin x\u00e1c th\u1ef1c (username\/password ho\u1eb7c ch\u1ee9ng ch\u1ec9 s\u1ed1) khi \u0111\u01b0\u1ee3c y\u00eau c\u1ea7u.<\/li>\n<li><strong>V\u00ed d\u1ee5 th\u1ef1c t\u1ebf:<\/strong> Tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh Windows, d\u1ecbch v\u1ee5 <strong>AutoConfig (Wired AutoConfig)<\/strong> ho\u1eb7c d\u1ecbch v\u1ee5 <strong>WLAN AutoConfig<\/strong> ch\u00ednh l\u00e0 Supplicant.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Authenticator-Bo-xac-thuc\"><\/span>Authenticator (B\u1ed9 x\u00e1c th\u1ef1c)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Authenticator l\u00e0 g\u00ec?<\/strong> \u0110\u00e2y l\u00e0 thi\u1ebft b\u1ecb m\u1ea1ng trung gian, \u0111\u00f3ng vai tr\u00f2 l\u00e0 \u0111i\u1ec3m ki\u1ec3m so\u00e1t v\u1eadt l\u00fd.<\/p>\n<ul>\n<li><strong>Ch\u1ee9c n\u0103ng:<\/strong> <strong>Authenticator<\/strong> (th\u01b0\u1eddng l\u00e0 m\u1ed9t Switch Ethernet ho\u1eb7c Access Point kh\u00f4ng d\u00e2y) ch\u1eb7n l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp ban \u0111\u1ea7u c\u1ee7a <strong>Supplicant<\/strong>. N\u00f3 chuy\u1ec3n ti\u1ebfp y\u00eau c\u1ea7u x\u00e1c th\u1ef1c t\u1eeb <strong>Supplicant<\/strong> \u0111\u1ebfn <strong>Authentication Server<\/strong> v\u00e0 sau \u0111\u00f3 th\u1ef1c thi k\u1ebft qu\u1ea3 (cho ph\u00e9p truy c\u1eadp ho\u1eb7c ti\u1ebfp t\u1ee5c ch\u1eb7n).<\/li>\n<li><strong>Tr\u1ea1ng th\u00e1i c\u1ed5ng:<\/strong> C\u1ed5ng m\u1ea1ng (Port) tr\u00ean <strong>Authenticator<\/strong> c\u00f3 hai tr\u1ea1ng th\u00e1i ch\u00ednh: <strong>Uncontrolled<\/strong> (cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng x\u00e1c th\u1ef1c \u0111i qua) v\u00e0 <strong>Controlled<\/strong> (ch\u1eb7n ho\u1eb7c cho ph\u00e9p t\u1ea5t c\u1ea3 l\u01b0u l\u01b0\u1ee3ng d\u1eef li\u1ec7u kh\u00e1c).<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Authentication-Server-May-chu-Xac-thuc\"><\/span>Authentication Server (M\u00e1y ch\u1ee7 X\u00e1c th\u1ef1c)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Authentication Server l\u00e0 g\u00ec?<\/strong> \u0110\u00e2y l\u00e0 h\u1ec7 th\u1ed1ng c\u00f3 th\u1ea9m quy\u1ec1n cu\u1ed1i c\u00f9ng \u0111\u1ec3 quy\u1ebft \u0111\u1ecbnh c\u1ea5p quy\u1ec1n hay t\u1eeb ch\u1ed1i truy c\u1eadp.<\/p>\n<ul>\n<li><strong>Ch\u1ee9c n\u0103ng:<\/strong> Nh\u1eadn y\u00eau c\u1ea7u x\u00e1c th\u1ef1c t\u1eeb <strong>Authenticator<\/strong>, ki\u1ec3m tra danh t\u00ednh c\u1ee7a <strong>Supplicant<\/strong> d\u1ef1a tr\u00ean c\u01a1 s\u1edf d\u1eef li\u1ec7u (v\u00ed d\u1ee5: Active Directory, LDAP, ho\u1eb7c c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1ee5c b\u1ed9). Sau \u0111\u00f3, n\u00f3 g\u1eedi ph\u1ea3n h\u1ed3i x\u00e1c th\u1ef1c tr\u1edf l\u1ea1i <strong>Authenticator<\/strong>.<\/li>\n<li><strong>Giao th\u1ee9c:<\/strong> <strong>Authentication Server<\/strong> g\u1ea7n nh\u01b0 lu\u00f4n s\u1eed d\u1ee5ng giao th\u1ee9c <strong>RADIUS (Remote Authentication Dial-In User Service)<\/strong> \u0111\u1ec3 giao ti\u1ebfp v\u1edbi <strong>Authenticator<\/strong>. RADIUS cung c\u1ea5p c\u1ea3 ba d\u1ecbch v\u1ee5 <strong>AAA (Authentication, Authorization, Accounting)<\/strong>.<\/li>\n<\/ul>\n<p>M\u00f4 h\u00ecnh ba b\u00ean n\u00e0y \u0111\u1ea3m b\u1ea3o r\u1eb1ng <strong>Authenticator<\/strong> kh\u00f4ng c\u1ea7n l\u01b0u tr\u1eef th\u00f4ng tin nh\u1ea1y c\u1ea3m c\u1ee7a ng\u01b0\u1eddi d\u00f9ng m\u00e0 ch\u1ec9 \u0111\u00f3ng vai tr\u00f2 l\u00e0 c\u1ea7u n\u1ed1i, gi\u00fap t\u1eadp trung c\u00f4ng t\u00e1c qu\u1ea3n l\u00fd v\u00e0 b\u1ea3o m\u1eadt t\u1ea1i <strong>Authentication Server<\/strong> (RADIUS). \u0110\u00e2y l\u00e0 \u01b0u \u0111i\u1ec3m v\u01b0\u1ee3t tr\u1ed9i so v\u1edbi c\u00e1c h\u1ec7 th\u1ed1ng x\u00e1c th\u1ef1c ph\u00e2n t\u00e1n.<\/p>\n<figure id=\"attachment_34363\" aria-describedby=\"caption-attachment-34363\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34363\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Cac-thanh-phan-chinh-trong-mo-hinh-xac-thuc.jpg\" alt=\"C\u00e1c th\u00e0nh ph\u1ea7n ch\u00ednh trong m\u00f4 h\u00ecnh x\u00e1c th\u1ef1c\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Cac-thanh-phan-chinh-trong-mo-hinh-xac-thuc.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Cac-thanh-phan-chinh-trong-mo-hinh-xac-thuc-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Cac-thanh-phan-chinh-trong-mo-hinh-xac-thuc-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34363\" class=\"wp-caption-text\">C\u00e1c th\u00e0nh ph\u1ea7n ch\u00ednh trong m\u00f4 h\u00ecnh x\u00e1c th\u1ef1c<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Quy-trinh-hoat-dong-cua-giao-thuc-xac-thuc-8021X\"><\/span>Quy tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng c\u1ee7a giao th\u1ee9c x\u00e1c th\u1ef1c 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Hi\u1ec3u r\u00f5 quy tr\u00ecnh x\u00e1c th\u1ef1c <strong>802.1X<\/strong>\u00a0ho\u1ea1t \u0111\u1ed9ng l\u00e0 ch\u00eca kh\u00f3a \u0111\u1ec3 tri\u1ec3n khai v\u00e0 kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 hi\u1ec7u qu\u1ea3. Qu\u00e1 tr\u00ecnh n\u00e0y di\u1ec5n ra r\u1ea5t nhanh, th\u01b0\u1eddng ch\u1ec9 v\u00e0i gi\u00e2y, nh\u01b0ng bao g\u1ed3m nhi\u1ec1u b\u01b0\u1edbc trao \u0111\u1ed5i th\u00f4ng \u0111i\u1ec7p ph\u1ee9c t\u1ea1p.<\/p>\n<p>Qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c <strong>802.1X authentication<\/strong> \u0111\u01b0\u1ee3c x\u00e2y d\u1ef1ng d\u1ef1a tr\u00ean m\u1ed9t giao th\u1ee9c quan tr\u1ecdng l\u00e0 <strong>EAP (Extensible Authentication Protocol)<\/strong>, cho ph\u00e9p <strong>Authenticator<\/strong> v\u00e0 <strong>Supplicant<\/strong> trao \u0111\u1ed5i th\u00f4ng tin x\u00e1c th\u1ef1c m\u1ed9t c\u00e1ch an to\u00e0n th\u00f4ng qua m\u1ed9t k\u00eanh m\u00e3 h\u00f3a.<\/p>\n<p>D\u01b0\u1edbi \u0111\u00e2y l\u00e0 c\u00e1c b\u01b0\u1edbc chi ti\u1ebft khi m\u1ed9t m\u00e1y t\u00ednh (Supplicant) k\u1ebft n\u1ed1i v\u00e0o c\u1ed5ng m\u1ea1ng (Authenticator):<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-1-Phat-hien-va-Khoi-tao-EAPOL-Start\"><\/span>B\u01b0\u1edbc 1: Ph\u00e1t hi\u1ec7n v\u00e0 Kh\u1edfi t\u1ea1o (EAPOL Start)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>H\u00e0nh \u0111\u1ed9ng:<\/strong> Khi m\u00e1y t\u00ednh (Supplicant) \u0111\u01b0\u1ee3c k\u1ebft n\u1ed1i v\u1eadt l\u00fd v\u00e0o c\u1ed5ng c\u1ee7a Switch (Authenticator), c\u1ed5ng n\u00e0y \u0111ang \u1edf tr\u1ea1ng th\u00e1i <strong>Uncontrolled<\/strong> (ch\u1ec9 cho ph\u00e9p c\u00e1c g\u00f3i tin <strong>EAPOL<\/strong>).<\/li>\n<li><strong>Th\u00f4ng \u0111i\u1ec7p:<\/strong> <strong>Supplicant<\/strong> g\u1eedi m\u1ed9t g\u00f3i tin <strong>EAPOL-Start<\/strong> (EAP over LAN) \u0111\u1ec3 th\u00f4ng b\u00e1o r\u1eb1ng n\u00f3 mu\u1ed1n truy c\u1eadp m\u1ea1ng.<\/li>\n<li><strong>Ph\u1ea3n h\u1ed3i:<\/strong> <strong>Authenticator<\/strong> nh\u1eadn EAPOL-Start, chuy\u1ec3n tr\u1ea1ng th\u00e1i c\u1ed5ng th\u00e0nh <strong>Unauthorized<\/strong> v\u00e0 b\u1eaft \u0111\u1ea7u qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-2-Yeu-cau-Danh-tinh-EAP-RequestIdentity\"><\/span>B\u01b0\u1edbc 2: Y\u00eau c\u1ea7u Danh t\u00ednh (EAP-Request\/Identity)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>H\u00e0nh \u0111\u1ed9ng:<\/strong> <strong>Authenticator<\/strong> g\u1eedi l\u1ea1i g\u00f3i tin <strong>EAP-Request\/Identity<\/strong> t\u1edbi <strong>Supplicant<\/strong>, y\u00eau c\u1ea7u thi\u1ebft b\u1ecb cung c\u1ea5p t\u00ean ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c th\u00f4ng tin nh\u1eadn d\u1ea1ng.<\/li>\n<li><strong>M\u1ee5c \u0111\u00edch:<\/strong> B\u1eaft \u0111\u1ea7u vi\u1ec7c thu th\u1eadp th\u00f4ng tin x\u00e1c th\u1ef1c.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-3-Phan-hoi-Danh-tinh-EAP-ResponseIdentity\"><\/span>B\u01b0\u1edbc 3: Ph\u1ea3n h\u1ed3i Danh t\u00ednh (EAP-Response\/Identity)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>H\u00e0nh \u0111\u1ed9ng:<\/strong> <strong>Supplicant<\/strong> ph\u1ea3n h\u1ed3i b\u1eb1ng g\u00f3i <strong>EAP-Response\/Identity<\/strong>, ch\u1ee9a t\u00ean ng\u01b0\u1eddi d\u00f9ng (username).<\/li>\n<li><strong>Chuy\u1ec3n ti\u1ebfp:<\/strong> <strong>Authenticator<\/strong> \u0111\u00f3ng g\u00f3i th\u00f4ng tin n\u00e0y v\u00e0o m\u1ed9t g\u00f3i tin <strong>RADIUS Access-Request<\/strong> v\u00e0 chuy\u1ec3n ti\u1ebfp n\u00f3 qua m\u1ea1ng \u0111\u1ebfn <strong>Authentication Server<\/strong> (<strong>RADIUS Server<\/strong>).<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-4-Trao-doi-EAP-va-Xac-minh-EAP-Exchange\"><\/span>B\u01b0\u1edbc 4: Trao \u0111\u1ed5i EAP v\u00e0 X\u00e1c minh (EAP Exchange)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>H\u00e0nh \u0111\u1ed9ng:<\/strong> <strong>RADIUS Server<\/strong> v\u00e0 <strong>Supplicant<\/strong> b\u1eaft \u0111\u1ea7u m\u1ed9t qu\u00e1 tr\u00ecnh trao \u0111\u1ed5i th\u00f4ng tin x\u00e1c th\u1ef1c chuy\u00ean bi\u1ec7t, t\u00f9y thu\u1ed9c v\u00e0o ph\u01b0\u01a1ng th\u1ee9c <strong>EAP<\/strong> \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng (v\u00ed d\u1ee5: PEAP, EAP-TLS).\n<ul>\n<li><strong>Authenticator<\/strong> ch\u1ec9 \u0111\u00f3ng vai tr\u00f2 nh\u01b0 m\u1ed9t c\u1ea7u n\u1ed1i, truy\u1ec1n t\u1ea3i c\u00e1c th\u00f4ng \u0111i\u1ec7p <strong>EAP<\/strong> gi\u1eefa hai b\u00ean trong g\u00f3i tin <strong>RADIUS<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>M\u1ee5c \u0111\u00edch:<\/strong> G\u1eedi v\u00e0 nh\u1eadn m\u1eadt kh\u1ea9u \u0111\u00e3 m\u00e3 h\u00f3a, ch\u1ee9ng ch\u1ec9 s\u1ed1, ho\u1eb7c c\u00e1c b\u1eb1ng ch\u1ee9ng x\u00e1c th\u1ef1c kh\u00e1c. \u0110\u00e2y l\u00e0 ph\u1ea7n ph\u1ee9c t\u1ea1p v\u00e0 b\u1ea3o m\u1eadt nh\u1ea5t c\u1ee7a ti\u00eau chu\u1ea9n <strong>802.1X<\/strong><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-5-Phan-hoi-Cuoi-cung-Access-Accept-hoac-Access-Reject\"><\/span>B\u01b0\u1edbc 5: Ph\u1ea3n h\u1ed3i Cu\u1ed1i c\u00f9ng (Access-Accept ho\u1eb7c Access-Reject)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>K\u1ebft qu\u1ea3 Th\u00e0nh c\u00f4ng:<\/strong> N\u1ebfu <strong>Authentication Server<\/strong> x\u00e1c minh danh t\u00ednh th\u00e0nh c\u00f4ng, n\u00f3 g\u1eedi g\u00f3i <strong>RADIUS Access-Accept<\/strong> t\u1edbi <strong>Authenticator<\/strong>. G\u00f3i n\u00e0y th\u01b0\u1eddng bao g\u1ed3m c\u00e1c thu\u1ed9c t\u00ednh \u1ee7y quy\u1ec1n (v\u00ed d\u1ee5: T\u00ean VLAN \u0111\u1ed9ng).\n<ul>\n<li><strong>Authenticator<\/strong> nh\u1eadn g\u00f3i <strong>Access-Accept<\/strong>, chuy\u1ec3n tr\u1ea1ng th\u00e1i c\u1ed5ng th\u00e0nh <strong>Authorized (Controlled state)<\/strong> v\u00e0 cho ph\u00e9p thi\u1ebft b\u1ecb truy c\u1eadp m\u1ea1ng ho\u00e0n to\u00e0n.<\/li>\n<\/ul>\n<\/li>\n<li><strong>K\u1ebft qu\u1ea3 Th\u1ea5t b\u1ea1i:<\/strong> N\u1ebfu x\u00e1c th\u1ef1c kh\u00f4ng th\u00e0nh c\u00f4ng, <strong>Authentication Server<\/strong> g\u1eedi g\u00f3i <strong>RADIUS Access-Reject<\/strong>.\n<ul>\n<li><strong>Authenticator<\/strong> gi\u1eef c\u1ed5ng \u1edf tr\u1ea1ng th\u00e1i <strong>Unauthorized<\/strong> (ho\u1eb7c chuy\u1ec3n sang VLAN c\u00e1ch ly Guest\/Remediation VLAN) v\u00e0 ti\u1ebfp t\u1ee5c ch\u1eb7n truy c\u1eadp.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>To\u00e0n b\u1ed9 qu\u00e1 tr\u00ecnh n\u00e0y \u0111\u1ea3m b\u1ea3o r\u1eb1ng m\u1ed7i truy c\u1eadp m\u1ea1ng \u0111\u1ec1u \u0111\u01b0\u1ee3c c\u00e1 nh\u00e2n h\u00f3a v\u00e0 ghi nh\u1eadt k\u00fd l\u1ea1i, mang l\u1ea1i kh\u1ea3 n\u0103ng ki\u1ec3m so\u00e1t tuy\u1ec7t \u0111\u1ed1i so v\u1edbi b\u1ea5t k\u1ef3 gi\u1ea3i ph\u00e1p b\u1ea3o m\u1eadt m\u1ea1ng l\u1edbp 2 n\u00e0o kh\u00e1c.<\/p>\n<figure id=\"attachment_34364\" aria-describedby=\"caption-attachment-34364\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34364\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Quy-trinh-hoat-dong-cua-802-1X.jpg\" alt=\"Quy tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng c\u1ee7a 802-1X\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Quy-trinh-hoat-dong-cua-802-1X.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Quy-trinh-hoat-dong-cua-802-1X-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Quy-trinh-hoat-dong-cua-802-1X-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34364\" class=\"wp-caption-text\">Quy tr\u00ecnh ho\u1ea1t \u0111\u1ed9ng c\u1ee7a 802-1X<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Ket-noi-va-quan-he-cua-8021X-voi-giao-thuc-RADIUS\"><\/span>K\u1ebft n\u1ed1i v\u00e0 quan h\u1ec7 c\u1ee7a 802.1X v\u1edbi giao th\u1ee9c RADIUS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Kh\u00f4ng th\u1ec3 nh\u1eafc \u0111\u1ebfn <strong>802.1X <\/strong>m\u00e0 b\u1ecf qua <strong>RADIUS Server<\/strong>. C\u1ea3 hai l\u00e0 m\u1ed9t c\u1eb7p kh\u00f4ng th\u1ec3 t\u00e1ch r\u1eddi trong b\u1ea5t k\u1ef3 h\u1ec7 th\u1ed1ng ki\u1ec3m so\u00e1t truy c\u1eadp t\u1eadp trung n\u00e0o.<\/p>\n<p><strong>802.1X<\/strong> ch\u1ec9 \u0111\u1ecbnh c\u00e1ch th\u1ee9c <strong>Supplicant<\/strong> v\u00e0 <strong>Authenticator<\/strong> trao \u0111\u1ed5i th\u00f4ng tin \u1edf l\u1edbp 2 (s\u1eed d\u1ee5ng EAPOL). Tuy nhi\u00ean, n\u00f3 kh\u00f4ng ch\u1ec9 \u0111\u1ecbnh c\u00e1ch th\u1ee9c <strong>Authenticator<\/strong> giao ti\u1ebfp v\u1edbi <strong>Authentication Server<\/strong>. \u0110\u00f3 l\u00e0 n\u01a1i <strong>RADIUS<\/strong> b\u01b0\u1edbc v\u00e0o.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"RADIUS-cung-cap-dich-vu-AAA\"><\/span>RADIUS cung c\u1ea5p d\u1ecbch v\u1ee5 AAA<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>RADIUS (Remote Authentication Dial-In User Service)<\/strong> l\u00e0 giao th\u1ee9c ti\u00eau chu\u1ea9n c\u00f4ng nghi\u1ec7p ch\u1ea1y \u1edf l\u1edbp \u1ee9ng d\u1ee5ng (Application Layer). N\u00f3 cung c\u1ea5p b\u1ed9 ba d\u1ecbch v\u1ee5 <strong>AAA (Authentication, Authorization, Accounting)<\/strong> cho m\u00f4i tr\u01b0\u1eddng <strong>802.1X<\/strong>:<\/p>\n<ol>\n<li><strong>Authentication (X\u00e1c th\u1ef1c):<\/strong> X\u00e1c minh danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c thi\u1ebft b\u1ecb (B\u1ea1n l\u00e0 ai?).<\/li>\n<li><strong>Authorization (\u1ee6y quy\u1ec1n):<\/strong> Quy\u1ebft \u0111\u1ecbnh quy\u1ec1n h\u1ea1n c\u1ee7a ng\u01b0\u1eddi d\u00f9ng sau khi x\u00e1c th\u1ef1c (B\u1ea1n \u0111\u01b0\u1ee3c l\u00e0m g\u00ec?). Trong <strong>802.1X<\/strong>, \u0111i\u1ec1u n\u00e0y th\u01b0\u1eddng \u0111\u01b0\u1ee3c th\u1ef1c hi\u1ec7n th\u00f4ng qua vi\u1ec7c g\u00e1n <strong>VLAN \u0111\u1ed9ng (Dynamic VLAN)<\/strong> ho\u1eb7c Access Control List (ACL).<\/li>\n<li><strong>Accounting (K\u1ebf to\u00e1n\/Ghi nh\u1eadt k\u00fd):<\/strong> Theo d\u00f5i ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng (B\u1ea1n \u0111\u00e3 l\u00e0m g\u00ec, trong bao l\u00e2u?).<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Moi-quan-he-trong-8021X\"><\/span>M\u1ed1i quan h\u1ec7 trong 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Trong m\u00f4 h\u00ecnh <strong>802.1X<\/strong>, <strong>Authenticator<\/strong> ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t <strong>RADIUS Client<\/strong> v\u00e0 g\u1eedi c\u00e1c th\u00f4ng \u0111i\u1ec7p <strong>Access-Request<\/strong> t\u1edbi <strong>RADIUS Server<\/strong>.<\/p>\n<ul>\n<li><strong>\u0110\u00f3ng g\u00f3i EAP:<\/strong> <strong>RADIUS Server<\/strong> \u0111\u00f3ng g\u00f3i c\u00e1c th\u00f4ng \u0111i\u1ec7p <strong>EAP<\/strong> m\u00e0 n\u00f3 c\u1ea7n trao \u0111\u1ed5i v\u1edbi <strong>Supplicant<\/strong> v\u00e0o c\u00e1c tr\u01b0\u1eddng thu\u1ed9c t\u00ednh b\u00ean trong g\u00f3i tin RADIUS.<\/li>\n<li><strong>\u0110\u1ed3ng nh\u1ea5t h\u00f3a qu\u1ea3n l\u00fd:<\/strong> M\u1ecdi y\u00eau c\u1ea7u truy c\u1eadp t\u1eeb m\u1ecdi thi\u1ebft b\u1ecb m\u1ea1ng (Switch, AP, VPN Gateway) \u0111\u1ec1u \u0111\u01b0\u1ee3c t\u1eadp trung v\u00e0o m\u1ed9t <strong>RADIUS Server<\/strong> duy nh\u1ea5t (v\u00ed d\u1ee5: Microsoft NPS tr\u00ean Windows Server, FreeRADIUS tr\u00ean Linux). \u0110i\u1ec1u n\u00e0y \u0111\u01a1n gi\u1ea3n h\u00f3a \u0111\u00e1ng k\u1ec3 vi\u1ec7c qu\u1ea3n l\u00fd t\u00e0i kho\u1ea3n v\u00e0 ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt cho to\u00e0n b\u1ed9 h\u1ea1 t\u1ea7ng m\u1ea1ng.<\/li>\n<li><strong>Ch\u00ednh s\u00e1ch t\u1eadp trung:<\/strong> C\u00e1c k\u1ef9 s\u01b0 m\u1ea1ng kh\u00f4ng c\u1ea7n c\u1ea5u h\u00ecnh ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt tr\u00ean h\u00e0ng tr\u0103m switch v\u00e0 AP ri\u00eang l\u1ebb. H\u1ecd ch\u1ec9 c\u1ea7n t\u1ea1o ch\u00ednh s\u00e1ch t\u1eadp trung tr\u00ean <strong>RADIUS Server<\/strong>. Khi ng\u01b0\u1eddi d\u00f9ng \u0111\u0103ng nh\u1eadp, <strong>RADIUS Server<\/strong> s\u1ebd th\u00f4ng b\u00e1o cho thi\u1ebft b\u1ecb m\u1ea1ng \u0111\u00f3 (Authenticator) c\u00e1c quy t\u1eafc \u00e1p d\u1ee5ng, nh\u01b0 <strong>Port-Based Access Control<\/strong> v\u00e0 VLAN n\u00e0o s\u1ebd \u0111\u01b0\u1ee3c g\u00e1n.<\/li>\n<\/ul>\n<p>S\u1ef1 k\u1ebft h\u1ee3p gi\u1eefa c\u01a1 ch\u1ebf x\u00e1c th\u1ef1c 802.1X v\u00e0 kh\u1ea3 n\u0103ng qu\u1ea3n l\u00fd t\u1eadp trung c\u1ee7a RADIUS t\u1ea1o ra m\u1ed9t gi\u1ea3i ph\u00e1p ki\u1ec3m so\u00e1t truy c\u1eadp m\u1ea1nh m\u1ebd, linh ho\u1ea1t, \u0111\u00e1p \u1ee9ng m\u1ecdi y\u00eau c\u1ea7u b\u1ea3o m\u1eadt nghi\u00eam ng\u1eb7t nh\u1ea5t c\u1ee7a doanh nghi\u1ec7p.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Ung-dung-thuc-tien-cua-8021X-tren-mang-co-day-va-khong-day\"><\/span>\u1ee8ng d\u1ee5ng th\u1ef1c ti\u1ec5n c\u1ee7a 802.1X tr\u00ean m\u1ea1ng c\u00f3 d\u00e2y v\u00e0 kh\u00f4ng d\u00e2y<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>802.1X \u0111\u01b0\u1ee3c \u1ee9ng d\u1ee5ng th\u1ef1c ti\u1ec5n tr\u00ean c\u1ea3 m\u1ea1ng c\u00f3 d\u00e2y (LAN) v\u00e0 m\u1ea1ng kh\u00f4ng d\u00e2y (WLAN) \u0111\u1ec3 ki\u1ec3m so\u00e1t truy c\u1eadp, x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c thi\u1ebft b\u1ecb tr\u01b0\u1edbc khi cho ph\u00e9p truy c\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng m\u1ea1ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ung-dung-tren-mang-co-day-LAN\"><\/span>\u1ee8ng d\u1ee5ng tr\u00ean m\u1ea1ng c\u00f3 d\u00e2y (LAN)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>802.1X gi\u00fap c\u00e1c switch ki\u1ec3m so\u00e1t t\u1eebng c\u1ed5ng v\u1eadt l\u00fd, ch\u1ec9 cho ph\u00e9p thi\u1ebft b\u1ecb \u0111\u00e3 x\u00e1c th\u1ef1c truy c\u1eadp v\u00e0o m\u1ea1ng n\u1ed9i b\u1ed9.<\/li>\n<li>Khi m\u1ed9t m\u00e1y t\u00ednh k\u1ebft n\u1ed1i v\u00e0o c\u1ed5ng switch, n\u00f3 ph\u1ea3i x\u00e1c th\u1ef1c qua giao th\u1ee9c EAP v\u1edbi m\u00e1y ch\u1ee7 RADIUS; n\u1ebfu th\u00e0nh c\u00f4ng, truy c\u1eadp m\u1ea1ng \u0111\u01b0\u1ee3c c\u1ea5p, n\u1ebfu th\u1ea5t b\u1ea1i s\u1ebd b\u1ecb ch\u1eb7n ho\u1eb7c c\u00e1ch ly.<\/li>\n<li>Gi\u1ea3i ph\u00e1p n\u00e0y th\u01b0\u1eddng d\u00f9ng trong doanh nghi\u1ec7p, tr\u01b0\u1eddng h\u1ecdc, t\u1ed5 ch\u1ee9c c\u1ea7n b\u1ea3o m\u1eadt truy c\u1eadp n\u1ed9i b\u1ed9, ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng, ho\u1eb7c ki\u1ec3m so\u00e1t truy c\u1eadp theo ch\u00ednh s\u00e1ch.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Ung-dung-tren-mang-khong-day-WLAN\"><\/span>\u1ee8ng d\u1ee5ng tr\u00ean m\u1ea1ng kh\u00f4ng d\u00e2y (WLAN)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>802.1X \u0111\u01b0\u1ee3c tri\u1ec3n khai tr\u00ean c\u00e1c \u0111i\u1ec3m truy c\u1eadp kh\u00f4ng d\u00e2y (Access Point) \u0111\u1ec3 x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng tr\u01b0\u1edbc khi c\u1ea5p quy\u1ec1n truy c\u1eadp Wi-Fi.<\/li>\n<li>Ng\u01b0\u1eddi d\u00f9ng ph\u1ea3i \u0111\u0103ng nh\u1eadp b\u1eb1ng t\u00e0i kho\u1ea3n (th\u01b0\u1eddng qua m\u00e1y ch\u1ee7 RADIUS) tr\u01b0\u1edbc khi truy c\u1eadp Internet ho\u1eb7c t\u00e0i nguy\u00ean m\u1ea1ng.<\/li>\n<li>Gi\u1ea3i ph\u00e1p n\u00e0y gi\u00fap b\u1ea3o v\u1ec7 m\u1ea1ng Wi-Fi kh\u1ecfi truy c\u1eadp tr\u00e1i ph\u00e9p, h\u1ed7 tr\u1ee3 ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng, v\u00e0 t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt cho h\u1ec7 th\u1ed1ng kh\u00f4ng d\u00e2y doanh nghi\u1ec7p.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Loi-ich-thuc-tien\"><\/span>L\u1ee3i \u00edch th\u1ef1c ti\u1ec5n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Ng\u0103n ch\u1eb7n truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0o m\u1ea1ng n\u1ed9i b\u1ed9 v\u00e0 Wi-Fi.<\/li>\n<li>H\u1ed7 tr\u1ee3 x\u00e1c th\u1ef1c t\u1eadp trung, d\u1ec5 qu\u1ea3n l\u00fd ng\u01b0\u1eddi d\u00f9ng v\u00e0 thi\u1ebft b\u1ecb.<\/li>\n<li>T\u00edch h\u1ee3p v\u1edbi c\u00e1c gi\u1ea3i ph\u00e1p NAC, VLAN, gi\u00fap ph\u00e2n nh\u00f3m v\u00e0 ki\u1ec3m so\u00e1t truy c\u1eadp linh ho\u1ea1t.<\/li>\n<\/ul>\n<p>802.1X l\u00e0 n\u1ec1n t\u1ea3ng b\u1ea3o m\u1eadt quan tr\u1ecdng cho c\u00e1c h\u1ec7 th\u1ed1ng m\u1ea1ng hi\u1ec7n \u0111\u1ea1i, \u0111\u1eb7c bi\u1ec7t trong m\u00f4i tr\u01b0\u1eddng doanh nghi\u1ec7p, gi\u00e1o d\u1ee5c, v\u00e0 t\u1ed5 ch\u1ee9c c\u1ea7n ki\u1ec3m so\u00e1t truy c\u1eadp ch\u1eb7t ch\u1ebd.<\/p>\n<figure id=\"attachment_34365\" aria-describedby=\"caption-attachment-34365\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34365\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Ung-dung-cua-802-1X.jpg\" alt=\"\u1ee8ng d\u1ee5ng c\u1ee7a 802-1X\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Ung-dung-cua-802-1X.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Ung-dung-cua-802-1X-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Ung-dung-cua-802-1X-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34365\" class=\"wp-caption-text\">\u1ee8ng d\u1ee5ng c\u1ee7a 802-1X<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Phan-nhom-nguoi-dung-voi-VLAN-sau-xac-thuc-cua-8021X\"><\/span>Ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng v\u1edbi VLAN sau x\u00e1c th\u1ef1c c\u1ee7a 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>M\u1ed9t trong nh\u1eefng t\u00ednh n\u0103ng m\u1ea1nh m\u1ebd nh\u1ea5t c\u1ee7a vi\u1ec7c tri\u1ec3n khai <strong>802.1X<\/strong>\u00a0k\u1ebft h\u1ee3p v\u1edbi RADIUS l\u00e0 kh\u1ea3 n\u0103ng <strong>Ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng v\u1edbi VLAN \u0111\u1ed9ng (Dynamic VLAN Assignment)<\/strong>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dynamic-VLAN-Assignment-la-gi\"><\/span>Dynamic VLAN Assignment l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Thay v\u00ec g\u00e1n t\u0129nh m\u1ed9t c\u1ed5ng Switch v\u00e0o m\u1ed9t VLAN c\u1ed1 \u0111\u1ecbnh, vi\u1ec7c g\u00e1n VLAN \u0111\u1ed9ng cho ph\u00e9p:<\/p>\n<ul>\n<li><strong>\u1ee6y quy\u1ec1n linh ho\u1ea1t:<\/strong> Khi <strong>Supplicant<\/strong> ho\u00e0n th\u00e0nh qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c, <strong>RADIUS Server<\/strong> kh\u00f4ng ch\u1ec9 tr\u1ea3 v\u1ec1 <strong>Access-Accept<\/strong>, m\u00e0 c\u00f2n \u0111\u00ednh k\u00e8m m\u1ed9t thu\u1ed9c t\u00ednh \u1ee7y quy\u1ec1n (Attribute) quan tr\u1ecdng.<\/li>\n<li><strong>Thu\u1ed9c t\u00ednh VLAN:<\/strong> Thu\u1ed9c t\u00ednh n\u00e0y (v\u00ed d\u1ee5: <code>Tunnel-Private-Group-ID<\/code>) ch\u1ee9a th\u00f4ng tin v\u1ec1 s\u1ed1 hi\u1ec7u <strong>VLAN<\/strong> m\u00e0 ng\u01b0\u1eddi d\u00f9ng \u0111\u00f3 n\u00ean \u0111\u01b0\u1ee3c \u0111\u1eb7t v\u00e0o.<\/li>\n<li><strong>Th\u1ef1c thi:<\/strong> <strong>Authenticator<\/strong> (Switch) nh\u1eadn thu\u1ed9c t\u00ednh n\u00e0y v\u00e0 ngay l\u1eadp t\u1ee9c g\u00e1n c\u1ed5ng m\u1ea1ng \u0111\u00f3 v\u00e0o VLAN \u0111\u01b0\u1ee3c ch\u1ec9 \u0111\u1ecbnh (V\u00ed d\u1ee5: N\u1ebfu l\u00e0 K\u1ebf to\u00e1n, g\u00e1n v\u00e0o VLAN 10; n\u1ebfu l\u00e0 Kh\u00e1ch, g\u00e1n v\u00e0o VLAN 50).<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Case-Study-Chinh-sach-theo-vai-tro\"><\/span>Case Study: Ch\u00ednh s\u00e1ch theo vai tr\u00f2<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Gi\u1ea3 s\u1eed trong m\u1ed9t c\u00f4ng ty c\u00f3 hai vai tr\u00f2:<\/p>\n<ol>\n<li><strong>Nh\u00e2n vi\u00ean IT:<\/strong> Khi \u0111\u0103ng nh\u1eadp th\u00e0nh c\u00f4ng b\u1eb1ng t\u00e0i kho\u1ea3n IT, <strong>RADIUS Server<\/strong> tr\u1ea3 v\u1ec1 VLAN 20 (VLAN Qu\u1ea3n tr\u1ecb).<\/li>\n<li><strong>Kh\u00e1ch (Guest):<\/strong> Khi \u0111\u0103ng nh\u1eadp b\u1eb1ng t\u00e0i kho\u1ea3n Kh\u00e1ch, <strong>RADIUS Server<\/strong> tr\u1ea3 v\u1ec1 VLAN 50 (VLAN Kh\u00e1ch, b\u1ecb gi\u1edbi h\u1ea1n truy c\u1eadp Internet).<\/li>\n<\/ol>\n<p>D\u00f9 c\u1ea3 hai ng\u01b0\u1eddi d\u00f9ng c\u1eafm v\u00e0o c\u00f9ng m\u1ed9t c\u1ed5ng Switch v\u1eadt l\u00fd (v\u00ed d\u1ee5: Port 5), Switch s\u1ebd t\u1ef1 \u0111\u1ed9ng \u0111i\u1ec1u ch\u1ec9nh quy\u1ec1n truy c\u1eadp c\u1ee7a h\u1ecd b\u1eb1ng c\u00e1ch thay \u0111\u1ed5i VLAN c\u1ee7a c\u1ed5ng \u0111\u00f3. \u0110i\u1ec1u n\u00e0y mang l\u1ea1i t\u00ednh linh ho\u1ea1t v\u00e0 b\u1ea3o m\u1eadt cao ch\u01b0a t\u1eebng c\u00f3 trong c\u00e1c gi\u1ea3i ph\u00e1p ki\u1ec3m so\u00e1t truy c\u1eadp c\u0169.<\/p>\n<p>Vi\u1ec7c ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng v\u1edbi VLAN sau x\u00e1c th\u1ef1c l\u00e0 minh ch\u1ee9ng r\u00f5 nh\u1ea5t cho kh\u1ea3 n\u0103ng <strong>Authorization<\/strong> (\u1ee6y quy\u1ec1n) c\u1ee7a giao th\u1ee9c <strong>802.1X<\/strong>\u00a0v\u00e0 RADIUS, cho ph\u00e9p m\u1ea1ng c\u1ee7a b\u1ea1n \u0111\u00e1p \u1ee9ng c\u00e1c ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt chi ti\u1ebft d\u1ef1a tr\u00ean vai tr\u00f2 (Role-Based Access Control).<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-rui-ro-bao-mat-8021X-va-giai-phap-phong-ngua\"><\/span>C\u00e1c r\u1ee7i ro b\u1ea3o m\u1eadt 802.1X v\u00e0 gi\u1ea3i ph\u00e1p ph\u00f2ng ng\u1eeba<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>M\u1eb7c d\u00f9 giao th\u1ee9c x\u00e1c th\u1ef1c <strong>802.1X <\/strong>l\u00e0 m\u1ed9t ti\u00eau chu\u1ea9n b\u1ea3o m\u1eadt m\u1ea1nh m\u1ebd, vi\u1ec7c tri\u1ec3n khai kh\u00f4ng \u0111\u00fang c\u00e1ch v\u1eabn c\u00f3 th\u1ec3 t\u1ea1o ra c\u00e1c l\u1ed7 h\u1ed5ng. K\u1ef9 s\u01b0 m\u1ea1ng c\u1ea7n nh\u1eadn th\u1ee9c r\u00f5 nh\u1eefng r\u1ee7i ro n\u00e0y \u0111\u1ec3 c\u00f3 gi\u1ea3i ph\u00e1p ph\u00f2ng ng\u1eeba h\u1ee3p l\u00fd.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Rui-ro-tu-cac-phuong-thuc-EAP-kem-bao-mat\"><\/span>R\u1ee7i ro t\u1eeb c\u00e1c ph\u01b0\u01a1ng th\u1ee9c EAP k\u00e9m b\u1ea3o m\u1eadt<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>EAP-MD5:<\/strong> \u0110\u00e2y l\u00e0 ph\u01b0\u01a1ng th\u1ee9c <strong>EAP<\/strong> c\u0169 v\u00e0 kh\u00f4ng c\u00f2n \u0111\u01b0\u1ee3c khuy\u1ebfn ngh\u1ecb v\u00ec n\u00f3 d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng t\u1eeb \u0111i\u1ec3n (dictionary attack) ho\u1eb7c t\u1ea5n c\u00f4ng chuy\u1ec3n ti\u1ebfp (relay attack).\n<ul>\n<li><strong>Ph\u00f2ng ng\u1eeba:<\/strong> Lu\u00f4n s\u1eed d\u1ee5ng c\u00e1c ph\u01b0\u01a1ng th\u1ee9c <strong>EAP<\/strong> hi\u1ec7n \u0111\u1ea1i: <strong>PEAP<\/strong> ho\u1eb7c <strong>EAP-TLS<\/strong>. PEAP l\u00e0 ph\u1ed5 bi\u1ebfn nh\u1ea5t v\u00ec n\u00f3 ch\u1ec9 y\u00eau c\u1ea7u Ch\u1ee9ng ch\u1ec9 s\u1ed1 tr\u00ean Server, c\u00f2n EAP-TLS l\u00e0 b\u1ea3o m\u1eadt nh\u1ea5t v\u00ec n\u00f3 y\u00eau c\u1ea7u c\u1ea3 Server v\u00e0 Client \u0111\u1ec1u ph\u1ea3i c\u00f3 Ch\u1ee9ng ch\u1ec9.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Tan-cong-Gia-mao-May-chu-RADIUS-Man-in-the-Middle\"><\/span>T\u1ea5n c\u00f4ng Gi\u1ea3 m\u1ea1o M\u00e1y ch\u1ee7 RADIUS (Man-in-the-Middle)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 thi\u1ebft l\u1eadp m\u1ed9t <strong>Authenticator<\/strong> ho\u1eb7c <strong>RADIUS Server<\/strong> gi\u1ea3 m\u1ea1o \u0111\u1ec3 l\u1eeba <strong>Supplicant<\/strong> g\u1eedi th\u00f4ng tin x\u00e1c th\u1ef1c c\u1ee7a h\u1ecd.<\/p>\n<ul>\n<li><strong>Ph\u00f2ng ng\u1eeba:<\/strong> Khi s\u1eed d\u1ee5ng <strong>PEAP<\/strong> ho\u1eb7c <strong>EAP-TLS<\/strong>, <strong>Supplicant<\/strong> ph\u1ea3i \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh \u0111\u1ec3 <strong>X\u00e1c minh Ch\u1ee9ng ch\u1ec9 s\u1ed1 c\u1ee7a Server<\/strong> (Server Certificate Validation). \u0110i\u1ec1u n\u00e0y \u0111\u1ea3m b\u1ea3o r\u1eb1ng <strong>Supplicant<\/strong> ch\u1ec9 k\u1ebft n\u1ed1i v\u1edbi <strong>RADIUS Server<\/strong> ch\u00ednh th\u1ee9c c\u1ee7a t\u1ed5 ch\u1ee9c. N\u1ebfu Ch\u1ee9ng ch\u1ec9 Server kh\u00f4ng h\u1ee3p l\u1ec7 ho\u1eb7c kh\u00f4ng kh\u1edbp v\u1edbi t\u00ean mi\u1ec1n, k\u1ebft n\u1ed1i s\u1ebd b\u1ecb t\u1eeb ch\u1ed1i, b\u1ea3o v\u1ec7 ng\u01b0\u1eddi d\u00f9ng kh\u1ecfi <strong>802.1X authentication<\/strong> gi\u1ea3 m\u1ea1o.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Van-de-Chia-se-Tai-khoan\"><\/span>V\u1ea5n \u0111\u1ec1 Chia s\u1ebb T\u00e0i kho\u1ea3n<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>N\u1ebfu ng\u01b0\u1eddi d\u00f9ng chia s\u1ebb t\u00ean \u0111\u0103ng nh\u1eadp v\u00e0 m\u1eadt kh\u1ea9u <strong>802.1X<\/strong>\u00a0c\u1ee7a h\u1ecd cho ng\u01b0\u1eddi kh\u00e1c, h\u1ec7 th\u1ed1ng s\u1ebd v\u1eabn c\u1ea5p quy\u1ec1n truy c\u1eadp v\u00ec th\u00f4ng tin x\u00e1c th\u1ef1c l\u00e0 h\u1ee3p l\u1ec7.<\/p>\n<ul>\n<li><strong>Ph\u00f2ng ng\u1eeba:<\/strong>\n<ul>\n<li>S\u1eed d\u1ee5ng <strong>EAP-TLS<\/strong> (X\u00e1c th\u1ef1c b\u1eb1ng Ch\u1ee9ng ch\u1ec9): Ch\u1ee9ng ch\u1ec9 s\u1ed1 \u0111\u01b0\u1ee3c nh\u00fang v\u00e0o thi\u1ebft b\u1ecb v\u00e0 kh\u00f3 sao ch\u00e9p\/chia s\u1ebb h\u01a1n m\u1eadt kh\u1ea9u.<\/li>\n<li>S\u1eed d\u1ee5ng c\u00e1c gi\u1ea3i ph\u00e1p <strong>Posture Assessment (\u0110\u00e1nh gi\u00e1 T\u01b0 th\u1ebf)<\/strong> trong c\u00e1c h\u1ec7 th\u1ed1ng <strong>NAC (Network Access Control)<\/strong> n\u00e2ng cao: Ki\u1ec3m tra t\u00ecnh tr\u1ea1ng b\u1ea3o m\u1eadt c\u1ee7a thi\u1ebft b\u1ecb (c\u00f3 firewall kh\u00f4ng, c\u00f3 ch\u1ed1ng virus kh\u00f4ng) tr\u01b0\u1edbc khi c\u1ea5p quy\u1ec1n truy c\u1eadp.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Van-de-MAB-va-Thiet-bi-IoT\"><\/span>V\u1ea5n \u0111\u1ec1 MAB v\u00e0 Thi\u1ebft b\u1ecb IoT<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Qu\u00e1 nhi\u1ec1u thi\u1ebft b\u1ecb s\u1eed d\u1ee5ng <strong>MAB (MAC Authentication Bypass)<\/strong> c\u00f3 th\u1ec3 l\u00e0m suy y\u1ebfu h\u1ec7 th\u1ed1ng v\u00ec \u0111\u1ecba ch\u1ec9 MAC d\u1ec5 b\u1ecb gi\u1ea3 m\u1ea1o. C\u00e1c thi\u1ebft b\u1ecb IoT m\u1edbi \u0111\u00f4i khi ch\u1ec9 h\u1ed7 tr\u1ee3 MAB.<\/p>\n<ul>\n<li><strong>Ph\u00f2ng ng\u1eeba:<\/strong> Gi\u1edbi h\u1ea1n vi\u1ec7c s\u1eed d\u1ee5ng MAB ch\u1ec9 cho c\u00e1c thi\u1ebft b\u1ecb kh\u00f4ng th\u1ec3 ch\u1ea1y <strong>802.1X client<\/strong>. Tri\u1ec3n khai ch\u00ednh s\u00e1ch nghi\u00eam ng\u1eb7t cho c\u00e1c VLAN \u0111\u01b0\u1ee3c g\u00e1n cho MAB (v\u00ed d\u1ee5: gi\u1edbi h\u1ea1n b\u0103ng th\u00f4ng, ch\u1ec9 cho ph\u00e9p truy c\u1eadp t\u1edbi m\u1ed9t s\u1ed1 m\u00e1y ch\u1ee7 c\u1ee5 th\u1ec3).<\/li>\n<\/ul>\n<p>\u0110\u1ec3 h\u1ec7 th\u1ed1ng <strong>802.1X<\/strong>\u00a0ph\u00e1t huy t\u1ed1i \u0111a hi\u1ec7u qu\u1ea3, vi\u1ec7c qu\u1ea3n l\u00fd v\u00f2ng \u0111\u1eddi ch\u1ee9ng ch\u1ec9 s\u1ed1 v\u00e0 li\u00ean t\u1ee5c gi\u00e1m s\u00e1t nh\u1eadt k\u00fd RADIUS l\u00e0 kh\u00f4ng th\u1ec3 thi\u1ebfu.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Xu-ly-loi-thuong-gap-luu-y-khi-van-hanh-giao-thuc-8021X\"><\/span>X\u1eed l\u00fd l\u1ed7i th\u01b0\u1eddng g\u1eb7p, l\u01b0u \u00fd khi v\u1eadn h\u00e0nh giao th\u1ee9c 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Khi tri\u1ec3n khai v\u00e0 v\u1eadn h\u00e0nh c\u01a1 ch\u1ebf x\u00e1c th\u1ef1c <strong>802.1X<\/strong>, c\u00e1c k\u1ef9 s\u01b0 m\u1ea1ng th\u01b0\u1eddng g\u1eb7p ph\u1ea3i m\u1ed9t s\u1ed1 l\u1ed7i ph\u1ed5 bi\u1ebfn, ch\u1ee7 y\u1ebfu xoay quanh vi\u1ec7c giao ti\u1ebfp gi\u1eefa ba th\u00e0nh ph\u1ea7n ch\u00ednh.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Loi-1-Supplicant-khong-phan-hoi-No-EAPOL-Start\"><\/span>L\u1ed7i 1: Supplicant kh\u00f4ng ph\u1ea3n h\u1ed3i (No EAPOL-Start)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Nguy\u00ean nh\u00e2n:<\/strong> D\u1ecbch v\u1ee5 <strong>802.1X client<\/strong> tr\u00ean m\u00e1y t\u00ednh (Supplicant) ch\u01b0a \u0111\u01b0\u1ee3c k\u00edch ho\u1ea1t ho\u1eb7c b\u1ecb ch\u1eb7n b\u1edfi firewall c\u1ee5c b\u1ed9.<\/li>\n<li><strong>Kh\u1eafc ph\u1ee5c:<\/strong>\n<ul>\n<li>Ki\u1ec3m tra d\u1ecbch v\u1ee5 <strong>Wired AutoConfig<\/strong> ho\u1eb7c <strong>WLAN AutoConfig<\/strong> tr\u00ean Windows.<\/li>\n<li>\u0110\u1ea3m b\u1ea3o ph\u1ea7n m\u1ec1m <strong>802.1X client<\/strong> (n\u1ebfu c\u00f3) \u0111ang ch\u1ea1y v\u00e0 c\u1ea5u h\u00ecnh ch\u00ednh x\u00e1c.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Loi-2-Authentication-Rejected-Access-Reject\"><\/span>L\u1ed7i 2: Authentication Rejected (Access-Reject)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y l\u00e0 l\u1ed7i ph\u1ed5 bi\u1ebfn nh\u1ea5t, cho th\u1ea5y qu\u00e1 tr\u00ecnh <strong>802.1X authentication<\/strong> th\u1ea5t b\u1ea1i.<\/p>\n<ul>\n<li><strong>Nguy\u00ean nh\u00e2n:<\/strong>\n<ol>\n<li>Sai t\u00ean ng\u01b0\u1eddi d\u00f9ng\/m\u1eadt kh\u1ea9u.<\/li>\n<li>Ch\u1ee9ng ch\u1ec9 s\u1ed1 c\u1ee7a <strong>RADIUS Server<\/strong> kh\u00f4ng h\u1ee3p l\u1ec7 ho\u1eb7c \u0111\u00e3 h\u1ebft h\u1ea1n (N\u1ebfu d\u00f9ng PEAP\/EAP-TLS).<\/li>\n<li>Ch\u00ednh s\u00e1ch truy c\u1eadp tr\u00ean <strong>RADIUS Server<\/strong> kh\u00f4ng kh\u1edbp (v\u00ed d\u1ee5: ng\u01b0\u1eddi d\u00f9ng \u0111\u00f3 kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p truy c\u1eadp v\u00e0o th\u1eddi \u0111i\u1ec3m hi\u1ec7n t\u1ea1i).<\/li>\n<\/ol>\n<\/li>\n<li><strong>Kh\u1eafc ph\u1ee5c:<\/strong>\n<ul>\n<li><strong>Ki\u1ec3m tra nh\u1eadt k\u00fd RADIUS:<\/strong> \u0110\u00e2y l\u00e0 b\u01b0\u1edbc quan tr\u1ecdng nh\u1ea5t. Nh\u1eadt k\u00fd <strong>RADIUS Server<\/strong> (v\u00ed d\u1ee5: Event Viewer tr\u00ean Windows NPS) s\u1ebd cho bi\u1ebft ch\u00ednh x\u00e1c l\u00fd do t\u1eeb ch\u1ed1i (Bad Password, Certificate Revoked, Policy Mismatch).<\/li>\n<li><strong>Ki\u1ec3m tra ch\u1ee9ng ch\u1ec9:<\/strong> \u0110\u1ea3m b\u1ea3o <strong>RADIUS Server<\/strong> s\u1eed d\u1ee5ng Ch\u1ee9ng ch\u1ec9 s\u1ed1 tin c\u1eady v\u00e0 <strong>Supplicant<\/strong> \u0111\u00e3 tin t\u01b0\u1edfng nh\u00e0 cung c\u1ea5p Ch\u1ee9ng ch\u1ec9 \u0111\u00f3 (Root CA).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Loi-3-Van-de-ket-noi-giua-Authenticator-va-RADIUS-Server\"><\/span>L\u1ed7i 3: V\u1ea5n \u0111\u1ec1 k\u1ebft n\u1ed1i gi\u1eefa Authenticator v\u00e0 RADIUS Server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Qu\u00e1 tr\u00ecnh <strong>802.1X <\/strong>kh\u00f4ng th\u1ec3 b\u1eaft \u0111\u1ea7u v\u00ec Switch (Authenticator) kh\u00f4ng th\u1ec3 g\u1eedi g\u00f3i tin RADIUS \u0111i.<\/p>\n<ul>\n<li><strong>Nguy\u00ean nh\u00e2n:<\/strong>\n<ol>\n<li>L\u1ed7i c\u1ea5u h\u00ecnh Shared Secret (Kh\u00f3a b\u00ed m\u1eadt chung) gi\u1eefa Switch v\u00e0 <strong>RADIUS Server<\/strong> (ph\u1ea3i kh\u1edbp 100%).<\/li>\n<li>T\u01b0\u1eddng l\u1eeda (Firewall) ch\u1eb7n c\u1ed5ng UDP 1812 (Authentication) ho\u1eb7c 1813 (Accounting) tr\u00ean \u0111\u01b0\u1eddng \u0111i.<\/li>\n<li>L\u1ed7i \u0111\u1ecbnh tuy\u1ebfn (Routing) t\u1eeb Switch \u0111\u1ebfn <strong>RADIUS Server<\/strong>.<\/li>\n<\/ol>\n<\/li>\n<li><strong>Kh\u1eafc ph\u1ee5c:<\/strong>\n<ul>\n<li>Ki\u1ec3m tra l\u1ea1i <strong>Shared Secret<\/strong> tr\u00ean c\u1ea3 hai thi\u1ebft b\u1ecb.<\/li>\n<li>S\u1eed d\u1ee5ng l\u1ec7nh <code>debug radius<\/code> tr\u00ean Switch \u0111\u1ec3 xem g\u00f3i tin RADIUS c\u00f3 \u0111\u01b0\u1ee3c g\u1eedi \u0111i v\u00e0 nh\u1eadn ph\u1ea3n h\u1ed3i hay kh\u00f4ng.<\/li>\n<li>\u0110\u1ea3m b\u1ea3o Firewall cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng UDP 1812 v\u00e0 1813 \u0111i qua.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Luu-y-quan-trong-khi-van-hanh-8021X\"><\/span>L\u01b0u \u00fd quan tr\u1ecdng khi v\u1eadn h\u00e0nh 802.1X<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li><strong>Ch\u00ednh s\u00e1ch d\u1ef1 ph\u00f2ng (Fallback Mechanism):<\/strong> Lu\u00f4n c\u1ea5u h\u00ecnh m\u1ed9t <strong>VLAN d\u1ef1 ph\u00f2ng (Critical VLAN)<\/strong>. N\u1ebfu Switch m\u1ea5t k\u1ebft n\u1ed1i v\u1edbi <strong>RADIUS Server<\/strong>, c\u00e1c c\u1ed5ng s\u1ebd chuy\u1ec3n sang VLAN n\u00e0y \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o c\u00e1c d\u1ecbch v\u1ee5 thi\u1ebft y\u1ebfu (nh\u01b0 \u0111i\u1ec7n tho\u1ea1i VoIP) v\u1eabn ho\u1ea1t \u0111\u1ed9ng, thay v\u00ec b\u1ecb ch\u1eb7n ho\u00e0n to\u00e0n.<\/li>\n<li><strong>\u0110\u1ed3ng b\u1ed9 th\u1eddi gian (Clock Sync):<\/strong> \u0110\u1ed9 tr\u1ec5 th\u1eddi gian (Clock Skew) gi\u1eefa <strong>Supplicant<\/strong> v\u00e0 <strong>RADIUS Server<\/strong> c\u00f3 th\u1ec3 l\u00e0m h\u1ecfng qu\u00e1 tr\u00ecnh x\u00e1c th\u1ef1c, \u0111\u1eb7c bi\u1ec7t khi s\u1eed d\u1ee5ng Ch\u1ee9ng ch\u1ec9 s\u1ed1. \u0110\u1ea3m b\u1ea3o t\u1ea5t c\u1ea3 thi\u1ebft b\u1ecb \u0111\u1ec1u \u0111\u1ed3ng b\u1ed9 v\u1edbi NTP Server.<\/li>\n<li><strong>Th\u1eed nghi\u1ec7m t\u1eebng b\u01b0\u1edbc:<\/strong> Kh\u00f4ng n\u00ean b\u1eadt <strong>802.1X<\/strong>\u00a0cho to\u00e0n b\u1ed9 m\u1ea1ng c\u00f9ng m\u1ed9t l\u00fac. H\u00e3y th\u1eed nghi\u1ec7m tr\u00ean m\u1ed9t nh\u00f3m nh\u1ecf ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c m\u1ed9t v\u00e0i c\u1ed5ng Switch, sau \u0111\u00f3 m\u1edf r\u1ed9ng d\u1ea7n.<\/li>\n<\/ol>\n<p>Vi\u1ec7c v\u1eadn h\u00e0nh <strong>802.1X<\/strong>\u00a0\u0111\u00f2i h\u1ecfi s\u1ef1 hi\u1ec3u bi\u1ebft s\u00e2u s\u1eafc v\u1ec1 giao th\u1ee9c v\u00e0 kh\u1ea3 n\u0103ng kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 d\u1ef1a tr\u00ean nh\u1eadt k\u00fd c\u1ee7a <strong>RADIUS Server<\/strong>. \u0110\u00e2y l\u00e0 k\u1ef9 n\u0103ng b\u1eaft bu\u1ed9c \u0111\u1ed1i v\u1edbi m\u1ecdi k\u1ef9 s\u01b0 m\u1ea1ng mu\u1ed1n qu\u1ea3n l\u00fd h\u1ea1 t\u1ea7ng b\u1ea3o m\u1eadt.<\/p>\n<figure id=\"attachment_34367\" aria-describedby=\"caption-attachment-34367\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34367\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Xu-ly-loi-thuong-gap.jpg\" alt=\"X\u1eed l\u00fd l\u1ed7i th\u01b0\u1eddng g\u1eb7p\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Xu-ly-loi-thuong-gap.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Xu-ly-loi-thuong-gap-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/10\/Xu-ly-loi-thuong-gap-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34367\" class=\"wp-caption-text\">X\u1eed l\u00fd l\u1ed7i th\u01b0\u1eddng g\u1eb7p<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Tong-ket\"><\/span>T\u1ed5ng k\u1ebft<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Qua b\u00e0i vi\u1ebft n\u00e0y, InterData \u0111\u00e3 cung c\u1ea5p c\u00e1i nh\u00ecn to\u00e0n di\u1ec7n v\u1ec1 ti\u00eau chu\u1ea9n <strong>802.1X<\/strong>, t\u1eeb \u0111\u1ecbnh ngh\u0129a, c\u01a1 ch\u1ebf ho\u1ea1t \u0111\u1ed9ng ph\u1ee9c t\u1ea1p d\u1ef1a tr\u00ean <strong>EAP<\/strong> v\u00e0 <strong>RADIUS Server<\/strong>, \u0111\u1ebfn c\u00e1c \u1ee9ng d\u1ee5ng th\u1ef1c ti\u1ec5n trong vi\u1ec7c ph\u00e2n nh\u00f3m ng\u01b0\u1eddi d\u00f9ng v\u1edbi <strong>VLAN \u0111\u1ed9ng<\/strong>.<\/p>\n<p><strong>802.1X<\/strong>\u00a0kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ed9t giao th\u1ee9c, m\u00e0 l\u00e0 m\u1ed9t chi\u1ebfn l\u01b0\u1ee3c b\u1ea3o m\u1eadt truy c\u1eadp l\u1edbp 2 kh\u00f4ng th\u1ec3 thi\u1ebfu. N\u00f3 n\u00e2ng cao kh\u1ea3 n\u0103ng ki\u1ec3m so\u00e1t danh t\u00ednh, \u0111\u01a1n gi\u1ea3n h\u00f3a vi\u1ec7c qu\u1ea3n l\u00fd ch\u00ednh s\u00e1ch b\u1ea3o m\u1eadt, v\u00e0 l\u00e0 r\u00e0o c\u1ea3n \u0111\u1ea7u ti\u00ean v\u1eefng ch\u1eafc nh\u1ea5t ch\u1ed1ng l\u1ea1i c\u00e1c truy c\u1eadp tr\u00e1i ph\u00e9p \u1edf bi\u00ean m\u1ea1ng c\u1ee7a b\u1ea1n.<\/p>\n<p>Vi\u1ec7c tri\u1ec3n khai <strong>802.1X authentication<\/strong> l\u00e0 m\u1ed9t d\u1ef1 \u00e1n \u0111\u00f2i h\u1ecfi s\u1ef1 chu\u1ea9n b\u1ecb k\u1ef9 l\u01b0\u1ee1ng v\u1ec1 c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng (PKI, <strong>RADIUS Server<\/strong>) v\u00e0 c\u1ea5u h\u00ecnh thi\u1ebft b\u1ecb m\u1ea1ng. Tuy nhi\u00ean, l\u1ee3i \u00edch v\u1ec1 an ninh m\u00e0 n\u00f3 mang l\u1ea1i l\u00e0 ho\u00e0n to\u00e0n x\u1ee9ng \u0111\u00e1ng v\u1edbi c\u00f4ng s\u1ee9c b\u1ecf ra.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>802.1X l\u00e0 ti\u00eau chu\u1ea9n b\u1ea3o m\u1eadt c\u1ee7a IEEE cho ph\u00e9p ki\u1ec3m so\u00e1t truy c\u1eadp m\u1ea1ng d\u1ef1a tr\u00ean danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c thi\u1ebft b\u1ecb. B\u00e0i vi\u1ebft n\u00e0y InterData s\u1ebd gi\u00fap b\u1ea1n hi\u1ec3u r\u00f5 giao th\u1ee9c 802.1X l\u00e0 g\u00ec, c\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a ti\u00eau chu\u1ea9n x\u00e1c th\u1ef1c 802.1X, vai tr\u00f2 c\u1ee7a c\u00e1c th\u00e0nh ph\u1ea7n Supplicant \u2013<\/p>\n","protected":false},"author":27,"featured_media":34719,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-34312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/34312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=34312"}],"version-history":[{"count":7,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/34312\/revisions"}],"predecessor-version":[{"id":34717,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/34312\/revisions\/34717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/34719"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=34312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=34312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=34312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}