To gain access to a physical network, devices are authenticated by a superordinate entity. Authentication may be carried out with the IEEE 802.1X standard. Authentication may be carried out by an IEEE 802.1X-enabled switch, and the devices may be connected to the port of the IEEE 802.1X-enabled switch. The devices are identified by a Media Access Control address (MAC) address. As soon as a switch detects an unknown MAC address at a port or a physical connection has been interrupted, the associated device is re-authenticated, or the device is re-authenticated by the switch.
Virtualization solutions may be used not only in a server environment but also in the client area, thereby resulting in a client device having virtual interfaces with additional MAC addresses in addition to the physical network interfaces.
IEEE 802.1X-enabled switches that support multi-host authentication are known. Only the first access operation is authenticated. All other devices or virtual network interfaces connected to the same port of the switch may not be additionally authenticated.
IEEE 802.1X-enabled switches that support multi-domain authentication are also known. Each device or each network interface—including virtual network interfaces—is re-authenticated since virtual MAC addresses that may be seen in the physical network are unknown to the switch.
Similarly, in the automation environment, profinet devices may have a device-specific MAC address in addition to a MAC address for each network interface.