Introducing Cisco Identity-Based Networking Services
Cisco Identity-Based Networking Services (IBNS) is the product suite that implements 802.1x identity-based networking on Cisco networks. Cisco IBNS implements the capabilities defined in the IEEE 802.1x standard, which acts as a foundation for identity-based networking. For example, a Cisco switch can be an authenticator, and a Cisco ACS can be an authentication server in an IBNS/802.1x Cisco network.
IBNS also adds a layer of functionality that is not contained in the IEEE 802.1x standard. Cisco IBNS networks allow a user to be placed in a specific VLAN and have specific ACLs applied after 802.1x port-based user authentication. Cisco IBNS also implements advanced functionality, including the Wake-on-LAN (WoL), Guest VLAN, and MAC authentication bypass features. WoL enables a remote server within the trusted network to reboot or initiate a connection to a remote 802.1x client that is not currently connected to the LAN in order to remotely install software updates. Guest VLAN allows unknown users to be placed into a Guest VLAN with restricted network permissions. MAC authentication bypass allows devices that do not have an 802.1x supplicant (for example, printers) to be granted or denied network access based upon MAC address.
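How these features fit together on one access port, as an added example that is not from the original text: it assumes a Catalyst switch running the legacy IOS 12.2-style `dot1x` interface syntax, and the addresses, VLAN IDs, interface name, and shared secret are constructed placeholders.

```cisco
! Added example, not from the original text. Assumes legacy Catalyst
! IOS 12.2-style dot1x syntax; all values below are constructed placeholders.
aaa new-model
aaa authentication dot1x default group radius
! Needed so the switch accepts VLANs returned by the RADIUS server
aaa authorization network default group radius
dot1x system-auth-control
!
! Authentication server (for example, Cisco ACS)
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
vlan 99
 name GUEST
!
interface FastEthernet0/1
 switchport mode access
 ! Used when RADIUS returns no VLAN attributes for the user
 switchport access vlan 10
 ! The switch is the 802.1x authenticator on this port
 dot1x pae authenticator
 dot1x port-control auto
 ! Guest VLAN: clients that never answer EAPOL requests are placed here
 dot1x guest-vlan 99
 ! MAC authentication bypass: when 802.1x times out, the client MAC is
 ! sent to RADIUS; the guest VLAN applies only if that is also rejected
 dot1x mac-auth-bypass
 ! WoL: control inbound traffic only, so wake-up frames from the trusted
 ! network can still reach a host that has not authenticated
 dot1x control-direction in
 spanning-tree portfast
!
! Per-user VLAN assignment comes from the RADIUS Access-Accept (RFC 3580):
!   Tunnel-Type             = VLAN
!   Tunnel-Medium-Type      = 802
!   Tunnel-Private-Group-ID = <VLAN name or ID>
```

`show dot1x interface FastEthernet0/1` displays the resulting port state. Because a MAC address can be spoofed, the VLAN and ACLs granted through MAC authentication bypass should be limited to what the bypassed device actually needs.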
Prior to IBNS with 802.1x, Cisco offered a proprietary identity management solution. This proprietary solution used the VLAN Management Policy Server (VMPS) as a VLAN distribution and assignment mechanism, with the User Registration Tool (URT) for management. The introduction of the open 802.1x standard has enabled Cisco to build its identity network solution, IBNS, on the open 802.1x and RADIUS standards.