--> If the supplicant does not support 802.1x, then we have to use non-802.1x authentication methods in the network.
Ex: IP Phones and Printers won't support 802.1x authentication.
--> The following non-802.1x authentication methods are used in the network:
i) MAC Authentication Bypass
--> MAC Authentication Bypass is also called MAB.
--> In the case of MAB, if the switch does not receive a response to the EAP Request Identity 3 times (it sends one every 30 seconds), then it understands that the supplicant does not support 802.1x.
--> In the case of MAB, the device is authenticated by its MAC address. If the MAC address is found in the database of the RADIUS server, then network access is allowed.
--> It is recommended not to give full network access to devices that are authenticated with MAB, because MAB is not secure: anyone can do MAC address spoofing.
ii) Local Web Authentication
--> Web Authentication is commonly referred to as Web Auth.
--> This method is commonly used to provide network access to guests.
--> Before getting access to the network, the user needs to provide a username/password via a web portal.
--> The web portal is created and stored on the switch or wireless controller.
--> The username/password is sent from the switch/wireless controller to the RADIUS server.
--> Local Web Authentication does not support many features, such as Change of Authorization (CoA), Acceptable Usage Policy, and password-changing capabilities.
--> It is most rarely implemented.
iii) Central Web Authentication
--> In the case of Central Web Authentication, the web portal is created and stored on the RADIUS server (ISE or ACS).
--> It supports all the advanced features, but it requires ActiveX, Java Applet to provide the features (because it does not have an 802.1x supplicant).
--> It is most commonly implemented.
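
The MAB behaviour described in section i) above, as an added example that is not part of the original notes: a Python model of the switch falling back to MAB after three unanswered EAP Request Identity frames, the RADIUS MAC lookup returning only a restricted profile, and a check for one MAC holding MAB sessions on two ports, which is a sign of possible spoofing. The MAC addresses, profile names, port names and function names are constructed for illustration.

```python
# Added illustration; MACs, profile names and session data are constructed.
TX_PERIOD_S = 30       # gap between EAP Request Identity frames (per the notes)
MAX_IDENTITY_REQS = 3  # unanswered requests before fallback to MAB (per the notes)

# Stand-in for the RADIUS server's endpoint database (assumed contents).
ENDPOINT_DB = {"00:11:22:33:44:55": "ip-phone", "66:77:88:99:aa:bb": "printer"}
# Hypothetical restricted profiles: a MAB match never maps to full access.
MAB_PROFILES = {"ip-phone": "VOICE_ONLY", "printer": "PRINT_SERVER_ONLY"}


def normalize_mac(mac):
    """Accept 0011.2233.4455, 00-11-22-33-44-55, etc.; return aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authorize_port(mac, answered_request=None, dot1x_ok=False):
    """Return (method, profile, seconds_elapsed) for a newly connected endpoint.

    answered_request is the 1-based Identity request the supplicant replied to,
    or None when it never replies (no 802.1x supplicant).
    """
    if answered_request is not None and 1 <= answered_request <= MAX_IDENTITY_REQS:
        elapsed = (answered_request - 1) * TX_PERIOD_S
        return ("dot1x", "FULL_ACCESS" if dot1x_ok else "DENY", elapsed)
    # Model assumption: each unanswered request waits one full period: 3 * 30 = 90 s.
    elapsed = MAX_IDENTITY_REQS * TX_PERIOD_S
    device_type = ENDPOINT_DB.get(normalize_mac(mac))
    return ("mab", MAB_PROFILES.get(device_type, "DENY"), elapsed)


def find_mab_conflicts(sessions):
    """Return {mac: [ports]} for MACs with active MAB sessions on several ports."""
    ports_by_mac = {}
    for port, mac, method in sessions:
        if method == "mab":
            ports_by_mac.setdefault(normalize_mac(mac), set()).add(port)
    return {m: sorted(p) for m, p in ports_by_mac.items() if len(p) > 1}


if __name__ == "__main__":
    print(authorize_port("0011.2233.4455"))       # known phone, restricted profile
    print(authorize_port("de:ad:be:ef:00:01"))    # MAC not in the database
    print(find_mab_conflicts([("Gi1/0/1", "00:11:22:33:44:55", "mab"),
                              ("Gi1/0/7", "0011.2233.4455", "mab")]))
```

Because a MAC address is the only credential in MAB, the restricted profile limits what a spoofed address can reach, and the conflict check surfaces the case where a copied address is in use while the real device is still connected.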