Cisco has had to get serious about the protocols needed to handle Network Admission Control. At the lowest layer, Cisco selected the Extensible Authentication Protocol (EAP). While EAP was designed by the IETF for authentication and is used in most 802.1X deployments, Cisco has developed its own proprietary (but publicly disclosed) EAP method, called EAP-FAST (Flexible Authentication via Secure Tunneling). With EAP-FAST in place, Cisco can include 802.1X authentication as well as endpoint-security assessment information wrapped inside the EAP protocol.

Because Cisco wants its product line to work with more than 802.1X-enabled switches, Cisco Trust Agent has EAP-over-802.1X and EAP-over-User Datagram Protocol (UDP) support. With this dual protocol support, when an end system tries to access the network using a method other than 802.1X, such as a VPN client or someone coming in through a non-802.1X switch, the EAP traffic travels over UDP instead of directly in Ethernet frames. The critical difference between the 802.1X and UDP versions of Cisco's EAP, however. In the 802.1X case, EAP includes authentication and endpoint security assessment information. When used with UDP, Cisco's NAC no longer does authentication. Instead, the user has to be authenticated via some other mechanism, and the authentication and user credentials are no longer tightly tied to the security policy for that user. This lack of symmetry between the 802.1X and UDP versions of Cisco's Network Admission Control means that access and authentication are handled differently depending on whether you are connecting via LAN, wireless LAN or over a VPN tunnel.

A further symptom of this unequal support is the lack of wireless support in the free Cisco Trust Agent. For wireless 802.1X, network managers will have to replace the freeware Cisco Trust Agent 802.1X with a different 802.1X supplicant from Meetinghouse Data Communications or Funk Software (now Juniper). The real focus of the current version of Cisco's Network Admission Control is endpoint-security assessment - the authentication that comes out of the 802.1X dialog is really a fortunate side effect.

As a dominant manufacturer of switches, routers and VPN devices, Cisco is shouldered with the difficult task of incorporating Network Admission Control into its devices. TCG's policy enforcement points equate in Cisco's architecture to network access devices.
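As an added example, not from the article or from Cisco's own software, this Python snippet models the two carriers the text contrasts: the same EAP packet framing (RFC 3748) either wrapped in an 802.1X EAPOL frame or carried in a UDP datagram, plus a classifier a defender can run over captured messages to tell which admission path an endpoint used and whether user identity could have been bound to the posture check in that dialog. Assumptions: UDP port 21862 as the EAP-over-UDP port, EAP-FAST's IANA type 43, and the EAP packet placed directly in the UDP payload rather than behind Cisco's own EAP-over-UDP header, which the article does not describe.

```python
import struct
# EAP (RFC 3748) header: Code, Identifier, Length (network order); Request/Response add a Type byte.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 43: "EAP-FAST"}  # 43 is EAP-FAST's IANA-assigned type (RFC 4851)
EAPOL_EAP_PACKET = 0     # EAPOL packet type 0 carries an EAP packet (the 802.1X path)
EAPOUDP_PORT = 21862     # assumption: default UDP port of Cisco's EAP-over-UDP

def build_eap(code, ident, eap_type=None, data=b""):
    body = (bytes([eap_type]) if eap_type is not None else b"") + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Decode one EAP packet, rejecting a Length field that disagrees with the buffer."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt) or (code in (1, 2) and length < 5):
        raise ValueError("EAP Length field inconsistent with packet")
    info = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (1, 2):  # only Request/Response carry Type and Type-Data
        info["type"] = EAP_TYPES.get(pkt[4], pkt[4])
        info["data"] = pkt[5:length]
    return info

def eapol_frame(eap):
    # EAPOL header (802.1X): protocol version, packet type, body length.
    return struct.pack("!BBH", 2, EAPOL_EAP_PACKET, len(eap)) + eap

def udp_datagram(eap, sport=50000, dport=EAPOUDP_PORT):
    # Simplification (assumption): the EAP packet is the raw UDP payload; checksum left zero.
    return struct.pack("!HHHH", sport, dport, 8 + len(eap), 0) + eap

def classify(carrier, buf):
    """Report which admission path a captured message used and the EAP fields it carries."""
    if carrier == "eapol":
        _ver, ptype, blen = struct.unpack("!BBH", buf[:4])
        if ptype != EAPOL_EAP_PACKET:
            return {"path": "802.1X", "eap": None, "identity_in_dialog": False}
        # identity and posture travel in the same authenticated EAP dialog on this path
        return {"path": "802.1X", "eap": parse_eap(buf[4:4 + blen]), "identity_in_dialog": True}
    if carrier == "udp":
        _sport, dport, ulen, _csum = struct.unpack("!HHHH", buf[:8])
        if dport != EAPOUDP_PORT:
            return {"path": "unknown", "eap": None, "identity_in_dialog": False}
        # posture arrives, but the user has to be authenticated by some other mechanism
        return {"path": "EAP-over-UDP", "eap": parse_eap(buf[8:ulen]), "identity_in_dialog": False}
    raise ValueError("unknown carrier")

# Constructed samples: an Identity response over 802.1X and an EAP-FAST request over UDP.
SAMPLE_DOT1X = eapol_frame(build_eap(2, 7, 1, b"alice"))
SAMPLE_EOU = udp_datagram(build_eap(1, 9, 43, b"\x00"))
```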