
802.1x and URT

tarun.pahuja
Level 1

Folks,

We want to implement network-level security within our LAN environment. I have been looking at the different technologies Cisco has to offer. Here are my thoughts. What I am looking for is security at the network level; that means when a user within our network plugs into a network port, he or she should be authenticated and/or put in the appropriate VLAN.

1) Dot1x works great, but the problem is that it kicks in only after the user has logged in to his PC using cached credentials. That means that we cannot run login scripts or have roaming profiles in our network.

2) URT sounds like a great product. But is it an appliance? That is, do we have to buy hardware or a software license for it? I mean, I would like to evaluate it before I buy it. Does anyone on this forum have any experience with this product? Your feedback would be highly appreciated.

3) EAP using digital certificates? Has anyone implemented that in their network in conjunction with 802.1x authentication? Does this method impose problems with login scripts or roaming profiles?

Any other method that could be used to achieve port-level security? MAC addresses can easily be spoofed, so that is something we are not willing to consider.

Thanks,

1 Reply

chess
Level 1

You can use Dot1X and have the machine authenticate to the network before the user even logs on, by going into the network properties, clicking the Authentication tab, and checking the box that says to authenticate the machine. I assume you are using ACS and authenticating to the Domain.

We are currently using it and it is working great!
