Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Published byHannah Porter Modified over 8 years ago

Similar presentations

Presentation on theme: "1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved."— Presentation transcript:

1 1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

2 2 © 2005 Cisco Systems, Inc. All rights reserved. Network Security 1 Module 7 – Configure Trust and Identity at Layer 2

3 3 © 2005 Cisco Systems, Inc. All rights reserved. Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication

4 4 © 2005 Cisco Systems, Inc. All rights reserved. Module 7 – Configure Trust and Identity at Layer 2 7.1 Identity-Based Networking Services (IBNS)

5 5 © 2005 Cisco Systems, Inc. All rights reserved. Identity Based Network Services Cisco VPN Concentrators, IOS Routers, PIX Security Appliances Unified Control of User Identity for the Enterprise Router Internet Cisco Secure ACS Firewall VPN Clients Hard and Soft Tokens Remote Offices OTP Server

6 6 © 2005 Cisco Systems, Inc. All rights reserved. IBNS Benefits

7 7 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Roles Authentication Server Authenticator Supplicant Exchanges of Extensible Authentication Protocol (EAP) messages. Between the supplicant and the authentication server. Authenticator acts as a transparent relay for this exchange and as a point of enforcement.

8 8 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Features and Benefits

9 9 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Topologies

10 10 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Authenticator and Supplicant The perimeter router acts as the authenticator Internet Cisco Secure ACS Home Office The remote user’s PC acts as the supplicant

11 11 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Components

12 12 © 2005 Cisco Systems, Inc. All rights reserved. How 802.1x Works

13 13 © 2005 Cisco Systems, Inc. All rights reserved. How 802.1x Works (Continued)

14 14 © 2005 Cisco Systems, Inc. All rights reserved. EAP Characteristics

15 15 © 2005 Cisco Systems, Inc. All rights reserved. EAP Selection Cisco Secure ACS supports the following varieties of EAP: EAP-MD5 – An EAP protocol that does not support mutual authentication. EAP-TLS – EAP incorporating Transport Layer Security (TLS). LEAP—An EAP protocol used by Cisco Aironet wireless equipment. LEAP supports mutual authentication. PEAP – Protected EAP, which is implemented with EAP-Generic Token Card (GTC) and EAP-MSCHAPv2 protocols. EAP-FAST – EAP Flexible Authentication via Secured Tunnel (EAP- FAST), a faster means of encrypting EAP authentication, supports EAP-GTC authentication.

16 16 © 2005 Cisco Systems, Inc. All rights reserved. Cisco LEAP

17 17 © 2005 Cisco Systems, Inc. All rights reserved. EAP-TLS

18 18 © 2005 Cisco Systems, Inc. All rights reserved. PEAP

19 19 © 2005 Cisco Systems, Inc. All rights reserved. How Does Basic Port Based Network Access Work?

20 20 © 2005 Cisco Systems, Inc. All rights reserved. ACS Deployment in a Small LAN

21 21 © 2005 Cisco Systems, Inc. All rights reserved. ACS Deployment in a Global Network

22 22 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Secure ACS RADIUS Response Cisco Secure ACS Cisco Catalyst Switch End User 802.1x RADIUS After a user successfully completes the EAP authentication process the Cisco Secure ACS responds to the switch with a RADIUS authentication- accept packet granting that user access to the network.

23 23 © 2005 Cisco Systems, Inc. All rights reserved. Module 7 – Configure Trust and Identity at Layer 2 7.2 Configuring 802.1x Port-Based Authentication

24 24 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Port-Based Authentication Configuration

25 25 © 2005 Cisco Systems, Inc. All rights reserved. 802.1x Port-Based Authentication Configuration (Cont.)

26 26 © 2005 Cisco Systems, Inc. All rights reserved. Enabling 802.1x Authentication

27 27 © 2005 Cisco Systems, Inc. All rights reserved. Enabling 802.1x Authentication (Cont.)

28 28 © 2005 Cisco Systems, Inc. All rights reserved. Configuring Switch-to-RADIUS Communication radius-server host 172.l20.39.46 auth-port 1812 key rad123 Switch(config)# Configure the RADIUS server parameters on the switch.

29 29 © 2005 Cisco Systems, Inc. All rights reserved. Enabling Periodic Re-Authentication configure terminal Switch# Enter global configuration mode dot1x re-authentication Switch(config)# Enable periodic re-authentication of the client, which is disabled by default. dot1x timeout re-authperiod seconds Switch(config)# Set the number of seconds between re-authentication attempts.

30 30 © 2005 Cisco Systems, Inc. All rights reserved. Manually Re-Authenticating a Client Connected to a Port dot1x re-authenticate interface fastethernet0/12 Switch(config)# Starts re-authentication of the client.

31 31 © 2005 Cisco Systems, Inc. All rights reserved. Enabling Multiple Hosts configure terminal Switch# Enter global configuration mode interface fastethernet0/12 Switch(config)# Enter interface configuration mode, and specify the interface to which multiple hosts are indirectly attached. dot1x multiple-hosts Switch(config-if)# Allow multiple hosts (clients) on an 802.1x-authorized port.

32 32 © 2005 Cisco Systems, Inc. All rights reserved. Resetting the 802.1x Configuration to the Default Values configure terminal Switch# Enter global configuration mode dot1x default Switch(config)# Reset the configurable 802.1x parameters to the default values.

33 33 © 2005 Cisco Systems, Inc. All rights reserved. Displaying 802.1x Statistics show dot1x statistics Switch# Display 802.1x statistics show dot1x statistics interface interface-id Switch# Display 802.1x statistics for a specific interface.

34 34 © 2005 Cisco Systems, Inc. All rights reserved. Displaying 802.1x Status show dot1x Switch# Display 802.1x administrative and operational status. show dot1x interface interface-id Switch# Display 802.1x administrative and operational status for a specific interface.

35 35 © 2005, Cisco Systems, Inc. All rights reserved.

Download ppt "1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved."

Similar presentations

Authentication.

Authentication.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
© 2003, Cisco Systems, Inc. All rights reserved..

© 2003, Cisco Systems, Inc. All rights reserved..
Operating and Configuring Cisco IOS Devices © 2004 Cisco Systems, Inc. All rights reserved. Operating Cisco IOS Software INTRO v2.0—8-1.

Operating and Configuring Cisco IOS Devices © 2004 Cisco Systems, Inc. All rights reserved. Operating Cisco IOS Software INTRO v2.0—8-1.
802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.

802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Operating Cisco IOS Software.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Operating Cisco IOS Software.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Implementing Secure Converged Wide Area Networks (ISCW)
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
KIRAN CHAMARTHI NETWORK SECURITY

KIRAN CHAMARTHI NETWORK SECURITY
802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.
802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.

802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

Similar presentations

Ads by Google