Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Mac authentication bypass deployment guide

Deployment Guide MAC Authentication Bypass Deployment Guide May ? Cisco and or its a ?liates All rights reserved This document is Cisco Public Information Page of CContents Introduction About MAB Bene ?ts and Limitations Functional Overview What Is MAB Session Initiation MAC Address Learning Session Authorization Session Accounting Session Termination Design Considerations MAC Address Discovery MAB Databases and RADIUS Servers Feature Interaction IEEE X Web Authentication Guest VLAN Authentication Failure VLAN Dynamic Guest and Authentication Failure VLAN Inaccessible RADIUS Server Dynamic ACL Assignment Dynamic VLAN Assignment Wake on LAN Open Access Multiple Endpoints per Port IP Telephony Cisco Catalyst Integrated Security Features RADIUS Accounting Deployment Scenarios Deployment Summary for MAB Conclusion For More Information Sample Con ?guration for Standalone MAB ? Cisco and or its a ?liates All rights reserved This document is Cisco Public Information Page of C Introduction The need for secure network access has never been greater In today's diverse workplaces consultants contractors and even guests require access to network resources over the same LAN connections as regular employees who may themselves bring unmanaged devices into the workplace As data networks become increasingly indispensable in day-to- day business operations the possibility that unauthorized people or devices will gain access to controlled or con ?dential information also increases The best and most secure solution to vulnerability at the access edge is to use the intelligence of the network One access control technique that Cisco provides is called MAC Authentication Bypass MAB MAB uses the MAC address of a device to determine what kind of network access to provide This document focuses on deployment considerations speci ?c to MAB To learn more about solution-level uses cases design and a phased deployment methodology see http www cisco com en US prod collateral iosswrel ps ps ps whitepaperC - html For step-by-step con ?guration guidance see http www cisco com en US prod collateral iosswrel ps ps ps Whitepaperc - html About MAB Bene ?ts and Limitations MAB o ?ers the following bene ?ts on wired networks Visibility MAB provides network visibility since the authentication process provides a way to link a device ? s IP address MAC address switch and port This visibility is useful for security audits network forensics network use statistics and troubleshooting Identity-based services MAB enables you to dynamically deliver customized services based on an endpoint ? s MAC address For example a device might be dynamically authorized for a speci ?c VLAN or assigned a unique access list that grants appropriate access for that device All the dynamic authorization techniques that work with IEEE X authentication will also work with MAB Access control at the edge MAB acts at Layer allowing you to control network access at the access edge Fallback or standalone authentication In a network that includes both devices that support and devices that do not support IEEE X MAB can be deployed as a fallback or complementary mechanism to IEEE X If the network does not have any IEEE X ??capable devices MAB