That's exactly my argument at the moment, but I thought I'd reach out to minds brighter than mine to see if I've missed something somewhere.
Sent from my iPhone On Mar 13, 2012, at 9:12 AM, Nick Hilliard <n...@foobar.org> wrote: > On 13/03/2012 12:59, Joe Freeman wrote: >> I'm working on a design for a public cloud offering and the security guys >> are screaming that I need to implement network access control (from what >> they describe, it's 802.1x) in the underlying network as they claim the >> VRF/MPLS/VPLS/vlan model doesn't scale well in a cloud. > > There are many scaling issues associated with virtualised environments, > that's for sure. > >> That all news to me. I've been doing SP networks for a long time, but have >> never heard of a requirement for the SP to maintain 802.1x across the >> network, with a master AD/Radius instance controlling access to the network >> by customers and hosted servers. > > Tell your security people that as soon as there are cloud systems which > provide L2 environments which support .1x to the client, that you'll > certainly look at them. But that in the interim, you have a business to run. > > As an almost unrelated aside (as this argument seems to be completely > political rather than technical in nature), I'm completely failing to > understand how .1x is relevant to your virtual network security. Most > environments these days support at least some level of mac address spoofing > control, which is all you really need. .1x is useful for large campuses > and enterprise environments, but it really isn't relevant at all to virtual > hosting so far as I can see. > > Nick > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/