We want to implement network-level security within our LAN environment. I have been looking at different technologies Cisco has to offer. Here are my thoughts. What I am looking for is security at the network level, meaning that when a user within our network plugs into a network port, he or she should be authenticated and/or put in the appropriate VLAN.
1) Dot.1x works great, but the problem is that it kicks in only after the user has logged in to his PC using cached credentials. That means that we cannot run login scripts or have roaming profiles in our network.
2) URT sounds like a great product. But is it an appliance? That is, do we have to buy hardware or a software license for it? I mean, I would like to evaluate it before I buy it. Does anyone on this forum have any experience with this product? Your feedback would be highly appreciated.
3) EAP using digital certificates? Has anyone implemented that in their network in conjunction with 802.1x authentication? Does this method impose problems with login scripts or roaming profiles?
Any other method that could be used to achieve port-level security? MAC addresses can easily be spoofed, so that is something we are not willing to consider.
You can use Dot1X and have the machine authenticate to the network before the user even logs on. Do this by going into the network properties, clicking the Authentication tab, and checking the box that says to authenticate the machine. I assume you are using ACS and authenticating to the domain.
We are currently using it and it is working great!