ieee 802 1
play

IEEE 802.1 Port-based Network Access Control Jeff Hayes Product - PowerPoint PPT Presentation

Dec 15, 2023 •348 likes •483 views

IEEE 802.1 Port-based Network Access Control Jeff Hayes Product Manager - Xylan jeff.hayes@xylan.com 1 2 June 1999 - 802.1 - Coeur dAlene Network Access Control What? $XWKHQWLFDWHG $XWKHQWLFDWHG 8VHUV 8VHUV distributed

  1. IEEE 802.1 Port-based Network Access Control Jeff Hayes Product Manager - Xylan jeff.hayes@xylan.com 1 2 June 1999 - 802.1 - Coeur d’Alene

  2. Network Access Control • What? $XWKHQWLFDWHG $XWKHQWLFDWHG 8VHUV 8VHUV – distributed security – authenticate users at the switch port switch – once authenticated, operates at LAN speed – leverage common authentication systems • RADIUS • DIAMETER • LDAP compliant $XWKHQWLFDWLRQ $XWKHQWLFDWLRQ 6HUYHU directory servers 6HUYHU • NOS 2 2 June 1999 - 802.1 - Coeur d’Alene

  3. Network Access Control • Why? – Perimeter security • access control at the edge – Not all users created equal • trust all; really trust only a few – Not all networks created equal • some require extra access control measures 3 2 June 1999 - 802.1 - Coeur d’Alene

  4. Network Access Control • Applications – distributed user Authenticated Authenticated authentication Users Users • not device switch • edge access control – user mobility with campus setting – leveraged by single switch switch sign-on systems • one ID/pswd, entered one-time Authentication Authentication Server Server 4 2 June 1999 - 802.1 - Coeur d’Alene

  5. Network Access Control • Market Demand – user authentication in enterprises • key departments (HR, Finance) • open computing environments (partners, visitors) – network ingress security • access control distributed to the edge – key verticals are ideal for switch access control • security conscience environments • mobile users • semi-public work environments 5 2 June 1999 - 802.1 - Coeur d’Alene

  6. Key Vertical: University Goal – authenticated open Goal – authenticated open computing computing ��������� • Broad facilities $XWKHQWLFDWLRQ – central campus, satellites & 6HUYHU dorms &DPSXV • Different user types 'HSDUWPHQWDO %DFNERQH 6XEQHWV – students - dorms, classrooms & library – faculty - offices & classes $FFHVV &RQWURO – admin - offices • IP addressing - DHCP ,QWHUQHW 6DWHOOLWH &DPSXV • Filter between private nets 6 2 June 1999 - 802.1 - Coeur d’Alene

  7. Key Vertical: Medical Goal – patient & research Goal – patient & research Patient Records & Accounting confidentiality confidentiality • Facilities – in/out patient hospital – research labs • Users – MDs, nurses, admins Hospital – research Phds & techs • Policy – authenticate into key subnets – filter / firewall internal Research traffic 7 2 June 1999 - 802.1 - Coeur d’Alene

  8. Key Vertical: Carrier Goal – secure, multi-layer secure, multi-layer Goal Internet access Internet access • users connect to network – via DSL or cable DSL or Cable • users authenticate at the ��� NSP’s POP – RADIUS – multiple authorities – one user per switch port • access multiple out- sourced services ISP 1 ISP 2 ISP 3 – separate billing 8 2 June 1999 - 802.1 - Coeur d’Alene

  9. Key Administration Issues • Ethernet-only ingress; any egress interface – No authentication needed for inter-switch ports • Configurable on a per port basis – not all switch ports must be authenticated ports • Log-off, aging and inactivity timer options – re-authenticate according to policy • Transparent to authentication server type – authenticator can request more information before determining the mechanism – smart cards, Kerberos, PKI, 1-time pswd, etc. 9 2 June 1999 - 802.1 - Coeur d’Alene

  10. Key Administration Issues • Multiple VLAN membership options – some want a MAC-based option = more control – authenticate into authorized VLAN = choice – client does DHCP after authentication • Mobility – same look & feel regardless of campus location – mixed vendor enviro=common user experience – many users need both non-auth access and auth access, depending on local port 10 2 June 1999 - 802.1 - Coeur d’Alene

  11. Other possible considerations • Core spec for the authentication process • Section/Appendix for port-based authentication – all or nothing / open or closed • Section/Appendix for MAC-based authentication – VLAN membership control (IP unicast, IP multicast, IPX, AT, etc.) 11 2 June 1999 - 802.1 - Coeur d’Alene

  12. Summary • Xylan believes a standards-based switch access authentication method is required • Key verticals markets have expressed a definite need for this capability – extra layer of security at the network edge • Although port based access may be easier to implement, do not discount the control layer-2 mechanisms offer • Xylan will support the approved spec 12 2 June 1999 - 802.1 - Coeur d’Alene

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

Structure of Presentation Introduction 8 0 2.15.4 and Zigbee IEEE 812.15.4 WPAN IEEE 802.15.4 PHY IEEE 802.15.4 MAC Zigbee Routing Layer Kevin Klues Department of Computer Science and Engineering 2 Introduction Zigbee and

863 views • 6 slides
IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU

IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU

IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU Analytics This training guide will assist you in becoming familiar with the new tool being transitioned for both IEEE Volunteers and Staff through

1.57k views • 43 slides
IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE

IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE

IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE 802.1 Congestion Management Chair pthaler@broadcom.com Agenda Agenda IEEE 802.1Qau PAR Project Authorization Request IEEE equivalent of

1.55k views • 33 slides
5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE

5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE

5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE Communications Society rob dot fish at ieee dot org IEEE 5G Summit May 26, 2015 IEEE 5G Standards: Goals To identify standardization

790 views • 12 slides
W ITH RECENT widespread deployment of new peer- MSS and the MHs could become a scalability

W ITH RECENT widespread deployment of new peer- MSS and the MHs could become a scalability

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 25, NO. 1, JANUARY 2007 179 GroCoca: Group-based Peer-to-Peer Cooperative Caching in Mobile Environment Chi-Yin Chow, Student Member, IEEE, Hong Va Leong, Member, IEEE Computer Society, IEEE

681 views • 13 slides
IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and Standards Activities 1 IEEE 5G Vision IEEE, like many other organizations, believes that 5G ecosystem is rather large and will cover many

367 views • 9 slides
An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1

An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1

An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1 Agenda VLAN IEEE 802 committees IEEE 802.1p IEEE 802.1Q The Cisco solution 1/6/99 Silvano Gai - 1998 2 Compass VLAN N

838 views • 56 slides
T HE ability to locate people and assets, to navigate beyond exhaustive search over subsets of

T HE ability to locate people and assets, to navigate beyond exhaustive search over subsets of

1 A Machine Learning Approach to Ranging Error Mitigation for UWB Localization Henk Wymeersch, Member, IEEE , Stefano Maran, Student Member, IEEE , Wesley M. Gifford, Student Member, IEEE , Moe Z. Win, Fellow, IEEE Abstract Location-awareness

429 views • 9 slides
T routing tables have grown to hundreds of thousands of HE rapid growth of Internet traffic

T routing tables have grown to hundreds of thousands of HE rapid growth of Internet traffic

784 IEEE TRANSACTIONS ON COMPUTERS, VOL. 59, NO. 6, JUNE 2010 Priority Tries for IP Address Lookup Hyesook Lim, Member , IEEE , Changhoon Yim, Member , IEEE , and Earl E. Swartzlander, Jr., Fellow , IEEE Abstract High-speed IP address lookup

217 views • 11 slides
P passes it to the TCAM coprocessor for classification. A ACKET classification has been recognized

P passes it to the TCAM coprocessor for classification. A ACKET classification has been recognized

902 IEEE TRANSACTIONS ON COMPUTERS, VOL. 57, NO. 7, JULY 2008 DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors Hao Che, Senior Member , IEEE , Zhijun Wang, Kai Zheng, Member , IEEE , and Bin Liu, Member , IEEE Abstract One of the

578 views • 14 slides
C OMPARED with a structured P2P network [18], [23], [30], technique causes the unstructured P2P

C OMPARED with a structured P2P network [18], [23], [30], technique causes the unstructured P2P

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 17, NO. 10, OCTOBER 2006 1097 DiCAS: An Efficient Distributed Caching Mechanism for P2P Systems Chen Wang, Student Member , IEEE , Li Xiao, Member , IEEE , Yunhao Liu, Member , IEEE ,

606 views • 13 slides
Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE 1588 Boundary, Ordinary, or Transparent Clock Geoffrey M. Garner Samsung Advanced Institute of Technology (SAIT), Consultant (SAIT) Consultant

580 views • 39 slides
R EALISTIC modeling and rendering of surface-light inter- BTF data is tied to the geometry surface

R EALISTIC modeling and rendering of surface-light inter- BTF data is tied to the geometry surface

IEEE TRANSACTIONS ON VISUALIZATION AND COMPUTER GRAPHICS, VOL. 13, NO. 5, SEPTEMBER/OCTOBER 2007 953 Tileable BTF Man-Kang Leung, Wai-Man Pang, Student , IEEE , Chi-Wing Fu, Member , IEEE , Tien-Tsin Wong, Member , IEEE Computer Society , and

558 views • 13 slides
IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE

IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE

IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE Formatting Submission to Conferences and Symposiums Template for Future Research http://www.ieee.org/documents/MSW_USltr_format.doc Title

530 views • 10 slides
OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS

OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS

2018 Chapter Report : OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS Chair Outline Oregon IEEE RAS Goals Targeted Technology Drivers Oregon IEEE RAS Activities 6/8/18 Epp Oregon

158 views • 14 slides
Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE

Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE

Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE Report to GEO Committees May 2008 What is a best practice? Best practices can be in outreach and capacity building, observation techniques or

440 views • 14 slides
Role of Passive Sampling and Porewater Remedial Guidelines (PWRGs) in Long-term Monitoring (Part

Role of Passive Sampling and Porewater Remedial Guidelines (PWRGs) in Long-term Monitoring (Part

Contaminated Sediments Virtual Workshop: Session 4: Long-term Monitoring Role of Passive Sampling and Porewater Remedial Guidelines (PWRGs) in Long-term Monitoring (Part 1) ROBERT M BURGESS U.S. ENVIRONMENTAL PROTECTION AGENCY, ORD/NHEERL,

371 views • 14 slides
Efficiently intertwining widening and narrowing Kalmer Apinis Helmut Seidl Vesal Vojdani

Efficiently intertwining widening and narrowing Kalmer Apinis Helmut Seidl Vesal Vojdani

Efficiently intertwining widening and narrowing Kalmer Apinis Helmut Seidl Vesal Vojdani Gianluca Amato Francesca Scozzari Kalmer Apinis Rogosi, 2015 2 The Plan Static analysis ` a la Bourdoncle 1 Localized Widening & Narrowing

280 views • 26 slides
Climate Policy in the Post-Kyoto World. Incentives, Institutions and Equity Carlo Carraro

Climate Policy in the Post-Kyoto World. Incentives, Institutions and Equity Carlo Carraro

20th World Energy Congress, Enel Special Session Architectures for Agreement: Climate change policy post 2012 Rome, November 15, 2007 Climate Policy in the Post-Kyoto World. Incentives, Institutions and Equity Carlo Carraro University of

571 views • 31 slides
Tourism - big and growing Fact s (WTO 2005) 5% world GDP 6% world export s (and 30%

Tourism - big and growing Fact s (WTO 2005) 5% world GDP 6% world export s (and 30%

Tourism - big and growing Fact s (WTO 2005) 5% world GDP 6% world export s (and 30% of service export s) 200m employed Most t ourist s f rom - and t o - developed nat ions 2/3 of visitor arrivals plus 90% world travel

737 views • 41 slides
FDA Regulation of Blood Glucose Monitoring Systems Point of Care Group Webinar December 2015

FDA Regulation of Blood Glucose Monitoring Systems Point of Care Group Webinar December 2015

FDA Regulation of Blood Glucose Monitoring Systems Point of Care Group Webinar December 2015 Leslie Landree, Ph.D. Division of Chemistry and Toxicology Devices Office of In Vitro Diagnostics and Radiological Health Center for Devices and

789 views • 27 slides
Microorganisms and their func2on in nature Sef Heijnen,

Microorganisms and their func2on in nature Sef Heijnen,

Microorganisms and their func2on in nature Sef Heijnen, Department of Biotechnology, Faculty of Applied Sciences Microorganisms in impossible places OCEAN

764 views • 18 slides
Richard Hoshino and Ken-ichi Kawarabayashi N ATIONAL I NSTITUTE OF I NFORMATICS , T OKYO , J APAN

Richard Hoshino and Ken-ichi Kawarabayashi N ATIONAL I NSTITUTE OF I NFORMATICS , T OKYO , J APAN

Richard Hoshino and Ken-ichi Kawarabayashi N ATIONAL I NSTITUTE OF I NFORMATICS , T OKYO , J APAN COPLAS C ONFERENCE , J UNE 2011, F REIBURG , G ERMANY Outline of Presentation Context and Motivation Intra-league Scheduling for NPB (ICAPS)

772 views • 51 slides
2018 AGENDA 2018 Form and Subject Teachers School Goals School Rules Attendance

2018 AGENDA 2018 Form and Subject Teachers School Goals School Rules Attendance

Primary 1 Networking @Qifa 27 January 2018 AGENDA 2018 Form and Subject Teachers School Goals School Rules Attendance Homework Policy Communication Through SNAC Partnership With Parents Key Level Programmes &

1.08k views • 72 slides

More recommend