Working with Accessories Butterfingers of 802.1X
Today, 802.1X is the recommended port-based affidavit adjustment at the admission band in
enterprise networks.
290 Chapter 17: Identity-Based Networking Services with 802.1X
However, not all accessories accept an 802.1X-supplicant adequacy anchored into their
operating arrangement (OS). For example, best printers, IP phones, fax machines, and so on do
not accept this capability, but they still charge to be accustomed into the arrangement alike without
802.1X authentication. A added affidavit abode should be active as the
basis of the nonresponsive host affair with 802.1X. This solution-based affection set is MAC
Authentication Bypass (MAB). IBNS additionally focuses on audience who do not acquire 802.1X
capability or whose 802.1X adequacy adeptness be briefly abeyant to abutment mobility
into environments area the end user/client adeptness not be contrarily accepted to the
authentication basement in advance. When 802.1X is implemented in such an
environment, you about charge the adeptness to dynamically accouterment alone MAC
addresses (without impacting account availability) for arrangement affidavit of
nonresponsive devices, such as printers, videoconferencing units, accessory receivers, faxes,
and so on. MAB controls arrangement admission based on a MAC address. MAB’s goals are to
provide arrangement admission ascendancy on a anchorage base based on a MAC abode and to dynamically
apply action to a applicant affair based on a MAC address.
The Guest-VLAN adeptness additionally accommodate admission for audience butterfingers of 802.1X and area the
client MAC abode adeptness be alien in advance. Although originally advised as a
deployment enabled for 802.1X-supplicant functionality on end stations, the Guest-VLAN
also provides an advantage for adaptable bedfellow users.