ieee 802 1
play

IEEE 802.1 Port-based Network Access Control Jeff Hayes Product - PowerPoint PPT Presentation

Dec 15, 2023 •348 likes •483 views

IEEE 802.1 Port-based Network Access Control Jeff Hayes Product Manager - Xylan jeff.hayes@xylan.com 1 2 June 1999 - 802.1 - Coeur dAlene Network Access Control What? $XWKHQWLFDWHG $XWKHQWLFDWHG 8VHUV 8VHUV distributed

  1. IEEE 802.1 Port-based Network Access Control Jeff Hayes Product Manager - Xylan jeff.hayes@xylan.com 1 2 June 1999 - 802.1 - Coeur d’Alene

  2. Network Access Control • What? $XWKHQWLFDWHG $XWKHQWLFDWHG 8VHUV 8VHUV – distributed security – authenticate users at the switch port switch – once authenticated, operates at LAN speed – leverage common authentication systems • RADIUS • DIAMETER • LDAP compliant $XWKHQWLFDWLRQ $XWKHQWLFDWLRQ 6HUYHU directory servers 6HUYHU • NOS 2 2 June 1999 - 802.1 - Coeur d’Alene

  3. Network Access Control • Why? – Perimeter security • access control at the edge – Not all users created equal • trust all; really trust only a few – Not all networks created equal • some require extra access control measures 3 2 June 1999 - 802.1 - Coeur d’Alene

  4. Network Access Control • Applications – distributed user Authenticated Authenticated authentication Users Users • not device switch • edge access control – user mobility with campus setting – leveraged by single switch switch sign-on systems • one ID/pswd, entered one-time Authentication Authentication Server Server 4 2 June 1999 - 802.1 - Coeur d’Alene

  5. Network Access Control • Market Demand – user authentication in enterprises • key departments (HR, Finance) • open computing environments (partners, visitors) – network ingress security • access control distributed to the edge – key verticals are ideal for switch access control • security conscience environments • mobile users • semi-public work environments 5 2 June 1999 - 802.1 - Coeur d’Alene

  6. Key Vertical: University Goal – authenticated open Goal – authenticated open computing computing ��������� • Broad facilities $XWKHQWLFDWLRQ – central campus, satellites & 6HUYHU dorms &DPSXV • Different user types 'HSDUWPHQWDO %DFNERQH 6XEQHWV – students - dorms, classrooms & library – faculty - offices & classes $FFHVV &RQWURO – admin - offices • IP addressing - DHCP ,QWHUQHW 6DWHOOLWH &DPSXV • Filter between private nets 6 2 June 1999 - 802.1 - Coeur d’Alene

  7. Key Vertical: Medical Goal – patient & research Goal – patient & research Patient Records & Accounting confidentiality confidentiality • Facilities – in/out patient hospital – research labs • Users – MDs, nurses, admins Hospital – research Phds & techs • Policy – authenticate into key subnets – filter / firewall internal Research traffic 7 2 June 1999 - 802.1 - Coeur d’Alene

  8. Key Vertical: Carrier Goal – secure, multi-layer secure, multi-layer Goal Internet access Internet access • users connect to network – via DSL or cable DSL or Cable • users authenticate at the ��� NSP’s POP – RADIUS – multiple authorities – one user per switch port • access multiple out- sourced services ISP 1 ISP 2 ISP 3 – separate billing 8 2 June 1999 - 802.1 - Coeur d’Alene

  9. Key Administration Issues • Ethernet-only ingress; any egress interface – No authentication needed for inter-switch ports • Configurable on a per port basis – not all switch ports must be authenticated ports • Log-off, aging and inactivity timer options – re-authenticate according to policy • Transparent to authentication server type – authenticator can request more information before determining the mechanism – smart cards, Kerberos, PKI, 1-time pswd, etc. 9 2 June 1999 - 802.1 - Coeur d’Alene

  10. Key Administration Issues • Multiple VLAN membership options – some want a MAC-based option = more control – authenticate into authorized VLAN = choice – client does DHCP after authentication • Mobility – same look & feel regardless of campus location – mixed vendor enviro=common user experience – many users need both non-auth access and auth access, depending on local port 10 2 June 1999 - 802.1 - Coeur d’Alene

  11. Other possible considerations • Core spec for the authentication process • Section/Appendix for port-based authentication – all or nothing / open or closed • Section/Appendix for MAC-based authentication – VLAN membership control (IP unicast, IP multicast, IPX, AT, etc.) 11 2 June 1999 - 802.1 - Coeur d’Alene

  12. Summary • Xylan believes a standards-based switch access authentication method is required • Key verticals markets have expressed a definite need for this capability – extra layer of security at the network edge • Although port based access may be easier to implement, do not discount the control layer-2 mechanisms offer • Xylan will support the approved spec 12 2 June 1999 - 802.1 - Coeur d’Alene

Recommend

1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

1 IEEE 802.15.4 PHY IEEE 802.15.4 PHY Features Receiver Energy Detection

Structure of Presentation Introduction 8 0 2.15.4 and Zigbee IEEE 812.15.4 WPAN IEEE 802.15.4 PHY IEEE 802.15.4 MAC Zigbee Routing Layer Kevin Klues Department of Computer Science and Engineering 2 Introduction Zigbee and

863 views • 6 slides
IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU

IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU

IEEE OU Analytics Training Presentation 2017 IEEE OU Analytics Welcome to the new IEEE OU Analytics This training guide will assist you in becoming familiar with the new tool being transitioned for both IEEE Volunteers and Staff through

1.57k views • 43 slides
IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE

IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE

IEEE 802.1Qau Congestion IEEE 802.1Qau Congestion Notification Notification Pat Thaler IEEE 802.1 Congestion Management Chair pthaler@broadcom.com Agenda Agenda IEEE 802.1Qau PAR Project Authorization Request IEEE equivalent of

1.55k views • 33 slides
5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE

5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE

5G Standardization in IEEE: Opportunities for all Robert S. Fish, V.P. Standards Activities IEEE Communications Society rob dot fish at ieee dot org IEEE 5G Summit May 26, 2015 IEEE 5G Standards: Goals To identify standardization

790 views • 12 slides
W ITH RECENT widespread deployment of new peer- MSS and the MHs could become a scalability

W ITH RECENT widespread deployment of new peer- MSS and the MHs could become a scalability

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 25, NO. 1, JANUARY 2007 179 GroCoca: Group-based Peer-to-Peer Cooperative Caching in Mobile Environment Chi-Yin Chow, Student Member, IEEE, Hong Va Leong, Member, IEEE Computer Society, IEEE

681 views • 13 slides
IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and Standards Activities 1 IEEE 5G Vision IEEE, like many other organizations, believes that 5G ecosystem is rather large and will cover many

367 views • 9 slides
An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1

An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1

An Engineering guide to IEEE 802.1Q and IEEE 802.1p Silvano Gai 1/6/99 Silvano Gai - 1998 1 Agenda VLAN IEEE 802 committees IEEE 802.1p IEEE 802.1Q The Cisco solution 1/6/99 Silvano Gai - 1998 2 Compass VLAN N

838 views • 56 slides
T HE ability to locate people and assets, to navigate beyond exhaustive search over subsets of

T HE ability to locate people and assets, to navigate beyond exhaustive search over subsets of

1 A Machine Learning Approach to Ranging Error Mitigation for UWB Localization Henk Wymeersch, Member, IEEE , Stefano Maran, Student Member, IEEE , Wesley M. Gifford, Student Member, IEEE , Moe Z. Win, Fellow, IEEE Abstract Location-awareness

429 views • 9 slides
T routing tables have grown to hundreds of thousands of HE rapid growth of Internet traffic

T routing tables have grown to hundreds of thousands of HE rapid growth of Internet traffic

784 IEEE TRANSACTIONS ON COMPUTERS, VOL. 59, NO. 6, JUNE 2010 Priority Tries for IP Address Lookup Hyesook Lim, Member , IEEE , Changhoon Yim, Member , IEEE , and Earl E. Swartzlander, Jr., Fellow , IEEE Abstract High-speed IP address lookup

217 views • 11 slides
P passes it to the TCAM coprocessor for classification. A ACKET classification has been recognized

P passes it to the TCAM coprocessor for classification. A ACKET classification has been recognized

902 IEEE TRANSACTIONS ON COMPUTERS, VOL. 57, NO. 7, JULY 2008 DRES: Dynamic Range Encoding Scheme for TCAM Coprocessors Hao Che, Senior Member , IEEE , Zhijun Wang, Kai Zheng, Member , IEEE , and Bin Liu, Member , IEEE Abstract One of the

578 views • 14 slides
C OMPARED with a structured P2P network [18], [23], [30], technique causes the unstructured P2P

C OMPARED with a structured P2P network [18], [23], [30], technique causes the unstructured P2P

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 17, NO. 10, OCTOBER 2006 1097 DiCAS: An Efficient Distributed Caching Mechanism for P2P Systems Chen Wang, Student Member , IEEE , Li Xiao, Member , IEEE , Yunhao Liu, Member , IEEE ,

606 views • 13 slides
Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE 1588 Boundary, Ordinary, or Transparent Clock Geoffrey M. Garner Samsung Advanced Institute of Technology (SAIT), Consultant (SAIT) Consultant

580 views • 39 slides
R EALISTIC modeling and rendering of surface-light inter- BTF data is tied to the geometry surface

R EALISTIC modeling and rendering of surface-light inter- BTF data is tied to the geometry surface

IEEE TRANSACTIONS ON VISUALIZATION AND COMPUTER GRAPHICS, VOL. 13, NO. 5, SEPTEMBER/OCTOBER 2007 953 Tileable BTF Man-Kang Leung, Wai-Man Pang, Student , IEEE , Chi-Wing Fu, Member , IEEE , Tien-Tsin Wong, Member , IEEE Computer Society , and

558 views • 13 slides
IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE

IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE

IEEE Report Formatting Walking Through the Format Introduction Reasons for IEEE Formatting Submission to Conferences and Symposiums Template for Future Research http://www.ieee.org/documents/MSW_USltr_format.doc Title

530 views • 10 slides
OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS

OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS

2018 Chapter Report : OR IEEE RAS Robotics and Automation Society June 12, 2018 Dr. Edward C. Epp Oregon IEEE RAS Chair Outline Oregon IEEE RAS Goals Targeted Technology Drivers Oregon IEEE RAS Activities 6/8/18 Epp Oregon

158 views • 14 slides
Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE

Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE

Best Practices Wiki Ruth Duerr NSIDC, IEEE Jay Pearlman, IEEE Siri Jodha Singh Khalsa, IEEE Report to GEO Committees May 2008 What is a best practice? Best practices can be in outreach and capacity building, observation techniques or

440 views • 14 slides
9/ 8/ 2017 W ho is the I EEE-SA? I EEE-SA Patent Policy The IEEE Standards Association (IEEE-SA)

9/ 8/ 2017 W ho is the I EEE-SA? I EEE-SA Patent Policy The IEEE Standards Association (IEEE-SA)

9/ 8/ 2017 W ho is the I EEE-SA? I EEE-SA Patent Policy The IEEE Standards Association (IEEE-SA) is a leading I nternational Sym posium on consensus building organization that nurtures, develops, Standard Essential Patents and advances

200 views • 3 slides
I EEE Conform ity Assessm ent Program IEEE Standards Association (IEEE-SA) Ravi Subramaniam

I EEE Conform ity Assessm ent Program IEEE Standards Association (IEEE-SA) Ravi Subramaniam

I EEE Conform ity Assessm ent Program IEEE Standards Association (IEEE-SA) Ravi Subramaniam r.subramaniam@ieee.org TCBC Workshop Baltimore, MD I EEE: W orlds Largest Professional Association Advancing Technology for Hum anity Our Global

449 views • 42 slides
Patents in Telecom Washington, DC 5 November 2015 Konstantinos Karachalios, IEEE-SA Managing

Patents in Telecom Washington, DC 5 November 2015 Konstantinos Karachalios, IEEE-SA Managing

05/11/15 Review of IEEE-SA Patent Policy Patents in Telecom Washington, DC 5 November 2015 Konstantinos Karachalios, IEEE-SA Managing Director 1 IEEE-SA Patent Policy IEEE standards can include use of Essential Patent Claims IEEE

394 views • 8 slides
F ACIAL images convey many important human character- we examine in this paper four different

F ACIAL images convey many important human character- we examine in this paper four different

IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, VOL. 36, NO. 2, FEBRUARY 2014 331 Neighborhood Repulsed Metric Learning for Kinship Verification Jiwen Lu, Member , IEEE , Xiuzhuang Zhou, Member , IEEE , Yap-Pen Tan, Senior

789 views • 15 slides
I great potential for representing a set in main memory [13] in NFORMATION representation and

I great potential for representing a set in main memory [13] in NFORMATION representation and

120 IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 22, NO. 1, JANUARY 2010 The Dynamic Bloom Filters Deke Guo, Member , IEEE , Jie Wu, Fellow , IEEE , Honghui Chen, Ye Yuan, and Xueshan Luo Abstract A Bloom filter is an effective,

534 views • 14 slides
IEEE C57 12 38 IEEE C57.12.38 LV bushing cantilever strength analysis Justin Pezzin, P.Eng , g

IEEE C57 12 38 IEEE C57.12.38 LV bushing cantilever strength analysis Justin Pezzin, P.Eng , g

IEEE C57 12 38 IEEE C57.12.38 LV bushing cantilever strength analysis Justin Pezzin, P.Eng , g Carlos Gaytan March 2012 Overview Problem description LV bushing force diagram Review of manufacturer specifications Discussion /

189 views • 14 slides
February Sixth General Meeting Month in Review IEEE and Lane Dept Apparel IEEE EE Lab Kits

February Sixth General Meeting Month in Review IEEE and Lane Dept Apparel IEEE EE Lab Kits

February Sixth General Meeting Month in Review IEEE and Lane Dept Apparel IEEE EE Lab Kits Reminders If you havent done so already. Sign up to be a member on our website (ieee.orgs.wvu.edu/membership) Join our Slack team

463 views • 32 slides
S OFTWARE Defined Networking (SDN) has been proposed Field Programmable Gate Array (FPGA)

S OFTWARE Defined Networking (SDN) has been proposed Field Programmable Gate Array (FPGA)

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 27, NO. 1, JANUARY 2016 197 High-Performance and Dynamically Updatable Packet Classification Engine on FPGA Yun R. Qu, Member, IEEE and Viktor K. Prasanna, Fellow, IEEE Abstract

351 views • 13 slides

More recommend