Title Standard for Local and metropolitan area networks–Port-Based Network Access Control
Acronym IEEE 802.1X
Document Type Standard
Committee WORKING GROUP 802.3
Published Year 2020
Link https://1.ieee802.org/security/802-1x/
Abstract

IEEE 802 LANs are deployed in networks that convey or provide access to critical data, that support mission critical applications, or that charge for service. Protocols that configure, manage, and regulate access to these networks and network-based services and applications typically run over the networks themselves. Port-based network access control regulates access to the network, guarding against transmission and reception by unidentified or unauthorized parties, and consequent network disruption, theft of service, or data loss.

Data frames are transmitted and received using the MAC Service specified in IEEE Std 802.1AC. Port-based network access control:

- Uses the unsecured MAC Service provided by an end station or bridge port to support:
  - A Controlled Port that provides secure access-controlled communication, and
  - An Uncontrolled Port used by authentication and key management protocols to initiate secure Controlled Port communication.
- Requires mutual authentication of peer systems that wish to communicate through their Controlled Ports, specifying the use of the Extensible Authentication Protocol (EAP, RFC 3748) and its encapsulation over LANs (EAPOL).
- Specifies the MACsec Key Agreement (MKA) protocol, supporting the use of IEEE Std 802.1AE MAC Security to cryptographically protect Controlled Port communication.