We will have MAB access for devices that don’t support 802.1x. We will also be
heavily relying on captive portaling to direct the user where they need to go
to get a cert via SecureW2 and whatnot. MAB devices will not receive the full
access to our highest tier of protected data unless they a
If you have a NAC solution do you do port based auth?
Units may choose to activate NAC on ports of supporting equipment (drop down
menu for them in a web interface we provide). It supports both 802.1x and MAC
Address Bypass (MAB) with an on-boarding redirect portal.
To date there are only seve
We moved to “wired-auth” about 2 years ago. The original goal was to
authenticate every wired port and make it more consistent with wireless. It
comes down to tracking and accountability for access to our network. A very
happy outcome was it basically got rid of all moves/adds/changes.
This is more for evolution. The ability to identify an unmanaged device and the
user connected allows us to direct what they are able to do.
The power given to our security group for enabling them to ensure only
authenticated clients are able to reach internal resources, as well as the
ability
Where wired 802.1X is a goal, have you seen real-world security issues happen
in your environments that this will solve, or is the target one of evolution
and prevention?
Lee Badman | Network Architect (CWNE#200)
Information Technology Services
(NDD Group)
206 Machinery Hall
120 Smith Drive
Syra
We are currently in the beginning of implementing NAC on the wire. We are using
a phased approach to ease clients into it.
Phase 1a) Introduce open MAC authentication to all ports; this helps verify
connectivity and licensing.
Phase 1b) Roll out certificate enrollment via AD and JAMF for EAP-TLS
1. If you have a NAC solution do you do port based auth?
* Yes. We use ClearPass to implement.
2. If you have a NAC solution do you do eap-tls? If so how are you handling
the certification “push” to devices?
* Yes our primary preferred authentication protocol is EAP-TLS, howev
Hi Lynn,
Curious about your high level service design for NAC with eap-tls coming soon.
We are in our infancy with NAC and are taking baby steps in our approach
towards no authentication, no access. Are you going to a more restrictive
service model with eap-tls? Are you thinking about a "no
We aren’t doing eap-tls other than our lab testing right now but talking to
multiple other universities, we decided to go with SecureW2 to do the
certificate creation and BYOD onboarding. It works great so far in our testing
and we plan to use it on our wired NAC. There’s the option to use the
Hello everyone,
Have a few questions as we do some research to add on to our NAC implementation
and trying to avoid issues or at least minimize them.
1. If you have a NAC solution do you do port based auth?
2. If you have a NAC solution do you do eap-tls? If so how are you handling
the c
10 matches