12-05-2020 08:18 PM - edited 12-05-2020 08:20 PM
Hello everyone,
Please consider the following example:
Radius-server------Router port2-----port2-SW-port1---work station
Above, we have:
SW with dot1x enabled on port1. This will ensure only an authorized work station can connect to the network.
But if someone just takes the cable from port2 on SW and attaches a rogue work station, then it can gain access to the network, i.e.:
Radius-server------Router port2------ Rogue work station.
Can we do the following to overcome this?
1) We install CA certs on SW.
2) We enable dot1x on router port2.
3) When SW is connected to port2 on the router, it will be subject to machine authentication using dot1x. Therefore, if any rogue device is connected to port2 on the router, it will be denied access.
The only thing I am thinking is that dot1x is supposed to be deployed at the access layer.
Any thoughts?
Thanks and have a good day!!
12-05-2020 11:33 PM
12-06-2020 04:33 AM
802.1x is L2 security; you need L3 security to protect the router, and that can be achieved via an ACL.
Configure the ACL in a way that even if the rogue bypasses L2, it will fail to pass L3.
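To make the two layers of the discussion concrete, here is an added Cisco IOS configuration fragment (not from the thread or from Cisco's documentation) that puts both the original poster's idea (802.1X authenticator on the router's port2) and the reply's idea (an inbound ACL on the same port) on the router. Everything in it is constructed: the interface name, the 10.10.20.0/24 workstation subnet, the 192.0.2.10 RADIUS address and the shared-secret placeholder are assumptions, it assumes the router platform supports 802.1X as an authenticator on that interface, and the switch's own supplicant and certificate configuration is not shown.

```cisco
! Constructed example; addresses, names and the key are placeholders.
! 10.10.20.0/24 = workstation VLAN behind SW, 10.10.20.1 = router port2.
aaa new-model
aaa authentication dot1x default group radius
radius server RADIUS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
dot1x system-auth-control
!
! L2 control (the poster's proposal): port2 acts as the 802.1X
! authenticator, so the port stays closed until the attached device
! (the switch, as a supplicant) authenticates against RADIUS.
! Unplugging SW and attaching a rogue host leaves the port closed.
interface GigabitEthernet0/2
 description port2 - uplink to SW
 ip address 10.10.20.1 255.255.255.0
 authentication port-control auto
 dot1x pae authenticator
 ip access-group PORT2-IN in
!
! L3 control (the reply's suggestion): even if the L2 check were
! bypassed, only the expected subnet may source traffic through port2
! and only toward the services the workstations actually need.
! Everything else is dropped and logged, which is also the detection
! hook for an unexpected device behind this port.
ip access-list extended PORT2-IN
 permit udp 10.10.20.0 0.0.0.255 any eq 53
 permit tcp 10.10.20.0 0.0.0.255 any eq 443
 deny   ip any any log
```

Note that the ACL alone does not stop a rogue host that assigns itself an address inside 10.10.20.0/24; that is why the 802.1X authenticator on the port, not the ACL, is the control that denies the rogue device in the poster's scenario, and the ACL limits what a host can reach if it gets past it.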