Identity-based networking

Identity-based networking is a concept that ties together several authentication, access control, and user policy components in order to provide users with the network services you want them to have.
In the past, to connect to the Finance services, for example, a user had to be plugged into the Finance LAN or VLAN. However, with user mobility as one of the core requirements of modern networks, this is no longer practical, nor does it provide sufficient security.
Identity-based networking allows you to verify users when they connect to a switch port by authenticating them and placing them in the right VLAN based on their identity. Should any users fail to pass the authentication process, their access can be rejected, or they might simply be put in a guest VLAN. The IEEE 802.1X standard allows you to implement identity-based networking on wired and wireless hosts by using client/server access control. There are three roles:
* Client: Also referred to as a supplicant, this software runs on a client that is 802.1X compliant.
* Authenticator: Typically a switch, this controls physical access to the network and is a proxy between the client and the authentication server.
* Authentication server (RADIUS): This is a server that authenticates each client before making available any services.
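
The following is an added example, not part of the original page: a sketch of the authenticator's port decision from the RADIUS server's final answer, using the tunnel attributes that RFC 2868 and RFC 3580 define for VLAN assignment. The function names and the `build` sample-packet helper are hypothetical. It assumes the response has already passed RADIUS authenticator verification against the shared secret and that VLANs are sent as numeric IDs.

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3                        # RADIUS codes (RFC 2865)
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 64, 65, 81   # attributes (RFC 2868)
TYPE_VLAN, MEDIUM_802 = 13, 6                              # VLAN values (RFC 3580)

def parse_radius(packet):
    """Split a raw RADIUS packet into (code, {attribute type: value bytes})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]   # last occurrence wins
        pos += a_len
    return code, attrs

def tagged_int(value):
    """Tunnel-Type / Tunnel-Medium-Type carry a tag byte plus a 3-byte integer."""
    return int.from_bytes(value[1:], "big") if len(value) == 4 else None

def port_decision(packet, guest_vlan=None):
    """Return ('vlan', id), ('default', None) or ('deny', None) for the port."""
    code, attrs = parse_radius(packet)
    if code == ACCESS_REJECT:                  # failed authentication
        return ("vlan", guest_vlan) if guest_vlan is not None else ("deny", None)
    if code != ACCESS_ACCEPT:
        raise ValueError("not a final Access-Accept or Access-Reject")
    if TUNNEL_GROUP_ID not in attrs:
        return ("default", None)               # authorized in the port's own VLAN
    group = attrs[TUNNEL_GROUP_ID]
    if group and group[0] <= 0x1F:             # optional leading tag byte
        group = group[1:]
    text = group.decode("ascii", "replace")
    kind = (tagged_int(attrs.get(TUNNEL_TYPE, b"")),
            tagged_int(attrs.get(TUNNEL_MEDIUM, b"")))
    if kind != (TYPE_VLAN, MEDIUM_802) or not text.isdigit():
        return ("deny", None)                  # fail closed on a bad assignment
    vlan = int(text)
    return ("vlan", vlan) if 1 <= vlan <= 4094 else ("deny", None)

def build(code, attrs=()):
    """Constructed sample packet with a zeroed authenticator (illustration only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

A malformed or out-of-range assignment on an Access-Accept is treated as a denial rather than falling back to the port's default VLAN, so a bad policy entry cannot silently grant wider access.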