Identity-Based Networking
Services with 802.1X
The Cisco Identity-Based Networking Services (IBNS) is a technology band-aid that can
improve the aegis of concrete and analytic admission to LANs. IBNS incorporates all the
capabilities authentic in the IEEE 802.1X affidavit standard, and it provides
enhancements to accomplish 802.1X technology accessible to deploy. In accession to 802.1X, IBNS
focuses on added affidavit techniques and affiliation with added advanced
technologies. Ultimately, IBNS delivers LAN admission control. The mechanisms to provide
this ascendancy are codicillary on identification, authentication, and authorization. For IBNS,
identity claims charge be absolute through authentication, while accouterment differentiated
service levels.
When it comes to IBNS, chase these three best practices (or principles) for security,
authorization, and visibility:
• Keep outsiders out per authentic aegis action in abutment of efforts to control
rogue devices. This helps assure adjoin fraud, annexation of service, and eliminates
unauthorized access. In today’s networking environments, there are methods for an
unsecured accessory or user to accretion arrangement access. Aegis perimeters are diminishing
with adaptable users, onsite visitors, accomplice connections, and on-demand technologies.
• Keep assembly honest. A arrangement anchorage can be accustomed through assorted levels. So,
controlling area a user can go and what he can do all the way to the bend becomes
compelling to consider.
• Increase afterimage with who plugs into a networked environment. This enables
businesses to bigger apperceive who they absolutely do business with and provides
accountability for a LAN ambiance in abutment of any arrangement analysis or reporting
infrastructure.
Foundation
There are accretion demands aloft today’s networks with the charge to allotment information
within an alignment and with vendors or customers. Along with arrangement access, security
has become the top priority. Preventing counterfeit devices, such as unauthorized
hubs, and rogue accessories from accessing a arrangement while affair the needs of a flexible
environment are now paramount.
274 Chapter 17: Identity-Based Networking Services with 802.1X
Additionally, enterprises charge to abbreviate the adverse appulse of alien users by requiring
them to admission the arrangement through a gateway. Then, users can be operationally categorized
in abutment of aerial admission control. The IEEE 802.1X accepted helps install the dialup
networking archetypal into a LAN media for such admission ascendancy to arrangement layers rather than
to a distinct domain. The 802.1X accepted for port-based arrangement ascendancy has become the
standard adjustment for Layer 2 affidavit access—not alone with wireless, but with the
wired ports. It is additionally a amount technology basic in abutment of port-based admission control.
802.1X allows the activating agreement of admission ports and accouterments the corporate
security action on the anchorage level. An 802.1X supplicant represents a user or accessory needing
to attain account from a arrangement system. It is appropriate to accredit to an authentication
server through a arrangement admission device. 802.1X can additionally accommodate admission ascendancy on multiple
levels of user access, which makes it the aboriginal aspect of arrangement security. 802.1X helps
reduce all-embracing risk, adds value, and removes operational amount from a business because of its
logical arrangement bury while announcement security. Corporate strategies that require
network-access ascendancy charge to accommodate 802.1X.