I would like to enable 802.1x to replace an existing Cisco port security implementation. This will provide us a greater mobility as workstations are moved within the network.
Planning on using 802.x for devices that are on the AD domain and MAB for devices that don't either have in-built supplicants or not in the domain.
Can someone please advice if I am able to do this without using certificates? Would EAP work without having certificates? I see that when the Windows supplicant is being configured to enable 802.1x, it is asking for certificate.
You can do PEAP with Certificate Checking turned off. It's not as secure, but it would give you the option of user authentication without worrying about certificates at all. For the non-supplicant devices, you will have to have a database of MAC addresses ready to do MAB.
If you find this post helpful, please rate so others can find the answer easily
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...