1.4.In this blog post, I will be going over 802.1x VLAN User Distribution (sometimes referred to as “VLAN Groups”) in Cisco IOS and a use case scenario that involves Cisco ISE (Identity Services Engine).įirst, some background around VLAN Groups.OSPF Generic TTL Security Mechanism (GTSM).OSPF Network Type: Point-to-Multipoint Non-Broadcast.
1.2.g: Manual summarization with any routing protocol.
1.2.f: Route filtering with any routing protocol.Introduction to Administrative Distance (AD).In the picture above an unknown user plugged in a cable to the switch. If your credentials are OK the port will be unblocked and you will be granted access to the network.Ĩ02.1X is the mechanism that will block or unblock the interface. The only thing the user is allowed to do is send his/her credentials which will be forwarded to the AAA server. The fa0/1 interface on SW1 will be blocked and you are not even getting an IP address. The idea behind AAA is that a user has to authenticate before getting access to the network. Accounting: Used for billing and auditing.Authorization: What is the user allowed to do? what resources can he/she access?.Authentication: Verify the identity of the user, who are you?.One way of dealing with issues like this is to use AAA.ĪAA stands for Authentication, Authorization and Accounting: The router is doing NAT so you will only see one IP address, this is something you can’t prevent with port security. It’s hard to detect because on the switch you’ll only see one MAC address. An access point like this is called a rogue access point and this is something you DON’T want to see on your network. Network users might bring their own wireless router from home and connect it to the switch so they can share wireless internet with all their colleagues. Let me show you an example why you might want this for your switches: When it comes to securing the network, AAA and 802.1X authentication are two powerful tools we can use.
0 kommentar(er)
