1 © 2005 Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved.

2 Network Security 1 Module 7 – Configure Trust and Identity at Layer 2

3 Learning Objectives
7.1 Identity-Based Networking Services (IBNS)
7.2 Configuring 802.1x Port-Based Authentication

4 Module 7 – Configure Trust and Identity at Layer 2
7.1 Identity-Based Networking Services (IBNS)

5 Identity Based Network Services
Unified control of user identity for the enterprise. (Diagram labels: Cisco VPN Concentrators, IOS Routers, PIX Security Appliances; Router; Internet; Cisco Secure ACS; Firewall; VPN Clients; Hard and Soft Tokens; Remote Offices; OTP Server.)

6 IBNS Benefits

7 802.1x Roles
Authentication Server, Authenticator, Supplicant.
Extensible Authentication Protocol (EAP) messages are exchanged between the supplicant and the authentication server. The authenticator acts as a transparent relay for this exchange (EAP over LAN, EAPOL, toward the supplicant; EAP carried inside RADIUS toward the server) and as the point of enforcement: until the server accepts the client, the port passes only EAPOL traffic.

8 802.1x Features and Benefits

9 802.1x Topologies

10 802.1x Authenticator and Supplicant
The perimeter router acts as the authenticator; the remote user's PC acts as the supplicant. (Diagram labels: Home Office, Internet, Cisco Secure ACS.)

11 802.1x Components

12 How 802.1x Works

13 How 802.1x Works (Continued)

14 EAP Characteristics

15 EAP Selection
Cisco Secure ACS supports the following varieties of EAP:
- EAP-MD5 – An EAP method that does not support mutual authentication: the server challenges the client, but the client has no way to verify the server. RFC 3748 notes that it is vulnerable to dictionary attacks and derives no keys, so it is unsuitable for wireless use.
- EAP-TLS – EAP incorporating Transport Layer Security (TLS); mutual authentication using certificates on both the server and the client.
- LEAP – A Cisco-proprietary EAP method used by Cisco Aironet wireless equipment. LEAP supports mutual authentication, but its MS-CHAP-based challenge/response is vulnerable to offline dictionary attacks, so EAP-FAST or PEAP should be preferred.
- PEAP – Protected EAP: the server authenticates with a certificate and a TLS tunnel is established, inside which an inner method (EAP-GTC or EAP-MSCHAPv2) authenticates the user.
- EAP-FAST – EAP Flexible Authentication via Secure Tunneling: builds the protected tunnel from a Protected Access Credential (PAC) instead of a server certificate, which makes the exchange faster and avoids the need for a PKI; supports EAP-GTC as the inner method.
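The point about EAP-MD5 above is easier to see in code. The following is an added example, not part of the Cisco slides: it encodes the EAP-Request/MD5-Challenge and EAP-Response pair exactly as RFC 3748 section 5.4 (and RFC 1994) define them, verifies the response the way the authentication server would, and then shows that a passive observer holding the same two packets can test candidate passwords offline. The user name, password and word list are constructed sample data.

```python
"""EAP-MD5 (EAP type 4) Request/Response as carried inside EAPOL on the supplicant
side of 802.1x.  Added example, not from the slides.  Encoding follows RFC 3748
section 5.4 / RFC 1994: Response Value = MD5(Identifier || password || Challenge).
The user name, password and word list below are constructed sample data."""
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_MD5_CHALLENGE = 4


def build_eap(code, identifier, eap_type, type_data):
    """Encode one EAP packet: Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    return struct.pack("!BBHB", code, identifier, 5 + len(type_data), eap_type) + type_data


def parse_eap(packet):
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    return code, identifier, eap_type, packet[5:]


def md5_value(identifier, password, challenge):
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def md5_challenge_request(identifier, challenge, server_name=b"acs"):
    """Authentication server -> supplicant.  Type-Data = Value-Size(1) Value Name."""
    return build_eap(EAP_REQUEST, identifier, EAP_TYPE_MD5_CHALLENGE,
                     bytes([len(challenge)]) + challenge + server_name)


def md5_challenge_response(request, password, user_name):
    """Supplicant -> authentication server.  The supplicant answers any challenge
    it is sent: nothing here lets it verify who asked (no mutual authentication)."""
    code, identifier, eap_type, data = parse_eap(request)
    if code != EAP_REQUEST or eap_type != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not an EAP-Request/MD5-Challenge")
    challenge = data[1:1 + data[0]]
    value = md5_value(identifier, password, challenge)
    return build_eap(EAP_RESPONSE, identifier, EAP_TYPE_MD5_CHALLENGE,
                     bytes([len(value)]) + value + user_name)


def server_verify(request, response, password):
    """Authentication server: recompute the expected Value and compare in constant time."""
    _, req_id, _, req_data = parse_eap(request)
    code, resp_id, eap_type, resp_data = parse_eap(response)
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_MD5_CHALLENGE or resp_id != req_id:
        return False
    challenge = req_data[1:1 + req_data[0]]
    value = resp_data[1:1 + resp_data[0]]
    return hmac.compare_digest(value, md5_value(req_id, password, challenge))


def offline_dictionary_attack(request, response, wordlist):
    """What a passive eavesdropper on the link can do with one captured
    Request/Response pair: test candidates with no further contact with the
    server.  This is the weakness RFC 3748 cites against EAP-MD5."""
    _, req_id, _, req_data = parse_eap(request)
    _, _, _, resp_data = parse_eap(response)
    challenge = req_data[1:1 + req_data[0]]
    value = resp_data[1:1 + resp_data[0]]
    for candidate in wordlist:
        if md5_value(req_id, candidate, challenge) == value:
            return candidate
    return None


def eap_md5_demo():
    password = b"Winter2005"          # constructed sample credential
    request = md5_challenge_request(identifier=7, challenge=os.urandom(16))
    response = md5_challenge_response(request, password, b"alice")
    accepted = server_verify(request, response, password)
    cracked = offline_dictionary_attack(request, response,
                                        [b"password", b"Summer2005", b"Winter2005"])
    return accepted, cracked


if __name__ == "__main__":
    print(eap_md5_demo())   # (True, b'Winter2005')
```

The tunnelled methods on the slide (PEAP, EAP-FAST) fix this by running the same kind of inner exchange only after a TLS tunnel to an authenticated server exists, so an eavesdropper never sees the challenge/response pair in the clear.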

16 Cisco LEAP

17 EAP-TLS

18 PEAP

19 How Does Basic Port Based Network Access Work?

20 ACS Deployment in a Small LAN

21 ACS Deployment in a Global Network

22 Cisco Secure ACS RADIUS Response
(Diagram labels: End User – 802.1x – Cisco Catalyst Switch – RADIUS – Cisco Secure ACS.)
After a user successfully completes the EAP authentication process, Cisco Secure ACS responds to the switch with a RADIUS Access-Accept packet, and the switch then authorizes the port, granting that user access to the network. The switch accepts the Access-Accept only if its Response Authenticator, computed with the shared secret, matches the request the switch sent.
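The relay role described on the 802.1x Roles slide and the Access-Accept on this slide together form the RADIUS half of the exchange. The following is an added example, not code from the slides: it builds the Access-Request the switch sends (EAP-Message plus Message-Authenticator, RFC 3579), the Access-Accept the server returns (Response Authenticator, RFC 2865), and the check the switch must perform before it authorizes the port. The user name "alice" and EAP payloads are constructed; the shared secret is the rad123 from the radius-server host command later in the deck.

```python
"""RADIUS side of the 802.1x exchange (RFC 2865, RFC 3579).  Added example, not
from the slides.  The authenticator (switch) forwards the supplicant's EAP
payload to the server inside an Access-Request carrying EAP-Message (79) and
Message-Authenticator (80); the server's Access-Accept carries a Response
Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
The switch must verify that value against the request it sent before it moves
the port to authorized.  User name and EAP payloads are constructed sample data."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
EAP_SUCCESS = 3


def encode_attrs(attrs):
    """Type(1) Length(1) Value, with Length covering the 2-byte header."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def radius_packet(code, identifier, authenticator, attrs_bytes):
    return struct.pack("!BBH", code, identifier, 20 + len(attrs_bytes)) + authenticator + attrs_bytes


def build_access_request(identifier, user_name, eap_payload, secret):
    """Switch -> ACS.  Message-Authenticator is HMAC-MD5(secret) over the whole
    packet with its own 16 value bytes zeroed (RFC 3579 section 3.2)."""
    req_auth = os.urandom(16)
    attrs = [(ATTR_USER_NAME, user_name), (ATTR_EAP_MESSAGE, eap_payload),
             (ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
    unsigned = radius_packet(ACCESS_REQUEST, identifier, req_auth, encode_attrs(attrs))
    attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR, hmac.new(secret, unsigned, hashlib.md5).digest())
    return radius_packet(ACCESS_REQUEST, identifier, req_auth, encode_attrs(attrs))


def verify_message_authenticator(pkt, secret):
    """ACS side: drop Access-Requests whose HMAC does not verify, so EAP cannot be
    relayed into the server by anything that lacks the shared secret."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    supplied, zeroed = None, []
    for t, v in decode_attrs(pkt[20:length]):
        if t == ATTR_MESSAGE_AUTHENTICATOR:
            supplied, v = v, b"\x00" * 16
        zeroed.append((t, v))
    if supplied is None:
        return False
    rebuilt = radius_packet(code, identifier, pkt[4:20], encode_attrs(zeroed))
    return hmac.compare_digest(supplied, hmac.new(secret, rebuilt, hashlib.md5).digest())


def build_response(code, request, attrs, secret):
    """ACS -> switch.  (RFC 3579 also requires Message-Authenticator on responses
    that carry EAP-Message; omitted here to keep the Response Authenticator visible.)"""
    attrs_bytes = encode_attrs(attrs)
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs_bytes))
    resp_auth = hashlib.md5(header + request[4:20] + attrs_bytes + secret).digest()
    return header + resp_auth + attrs_bytes


def switch_accepts(response, request, secret):
    """The authenticator's enforcement point: the port becomes authorized only for
    an Access-Accept whose identifier and Response Authenticator match this request."""
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if code != ACCESS_ACCEPT or identifier != request[1] or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


def radius_demo():
    secret = b"rad123"
    eap_identity = bytes([2, 1, 0, 10, 1]) + b"alice"      # EAP Response/Identity, constructed
    request = build_access_request(1, b"alice", eap_identity, secret)
    eap_success = struct.pack("!BBH", EAP_SUCCESS, 2, 4)
    genuine = build_response(ACCESS_ACCEPT, request, [(ATTR_EAP_MESSAGE, eap_success)], secret)
    forged = build_response(ACCESS_ACCEPT, request, [(ATTR_EAP_MESSAGE, eap_success)], b"guess")
    return (verify_message_authenticator(request, secret),
            switch_accepts(genuine, request, secret),
            switch_accepts(forged, request, secret))


if __name__ == "__main__":
    print(radius_demo())   # (True, True, False)
```

The forged Access-Accept is rejected because its Response Authenticator was computed with the wrong secret; this is why the key configured with radius-server host must be strong and kept identical on both ends, and why it must not be reused across devices that do not trust each other.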

23 Module 7 – Configure Trust and Identity at Layer 2
7.2 Configuring 802.1x Port-Based Authentication

24 802.1x Port-Based Authentication Configuration

25 802.1x Port-Based Authentication Configuration (Cont.)

26 Enabling 802.1x Authentication

27 Enabling 802.1x Authentication (Cont.)

28 Configuring Switch-to-RADIUS Communication
Configure the RADIUS server parameters on the switch:
Switch(config)# radius-server host 172.l auth-port 1812 key rad123
auth-port is the UDP port on which the server accepts authentication requests (1812 is the IANA-assigned RADIUS port; some older deployments still use 1645), and key is the shared secret that authenticates every RADIUS packet between the switch and the server. The secret must be identical on both sides, and anyone who learns it can forge server responses, so use a long random value rather than a short word.

29 Enabling Periodic Re-Authentication
Switch# configure terminal – Enter global configuration mode.
Switch(config)# dot1x re-authentication – Enable periodic re-authentication of the client, which is disabled by default.
Switch(config)# dot1x timeout re-authperiod seconds – Set the number of seconds between re-authentication attempts.

30 Manually Re-Authenticating a Client Connected to a Port
Switch# dot1x re-authenticate interface fastethernet0/12 – Starts re-authentication of the client on that port. This is a privileged EXEC command, not a configuration-mode command.

31 Enabling Multiple Hosts
Switch# configure terminal – Enter global configuration mode.
Switch(config)# interface fastethernet0/12 – Enter interface configuration mode, and specify the interface to which multiple hosts are indirectly attached (for example through a hub or an unmanaged switch).
Switch(config-if)# dot1x multiple-hosts – Allow multiple hosts (clients) on an 802.1x-authorized port. Once one attached host authenticates, all other hosts on that port are allowed network access as well, so this mode authenticates the port rather than each host.

32 Resetting the 802.1x Configuration to the Default Values
Switch# configure terminal – Enter global configuration mode.
Switch(config)# dot1x default – Reset the configurable 802.1x parameters to the default values.

33 Displaying 802.1x Statistics
Switch# show dot1x statistics – Display 802.1x statistics.
Switch# show dot1x statistics interface interface-id – Display 802.1x statistics for a specific interface.

34 Displaying 802.1x Status
Switch# show dot1x – Display 802.1x administrative and operational status.
Switch# show dot1x interface interface-id – Display 802.1x administrative and operational status for a specific interface.
