Looking to implement 802.1x (wired) for a client having a need to more strictly control access to ports in common areas such as conference rooms, cubicle farms, etc. Have never done this in a wired environment (using all EXOS, mostly 440G2, 460, 670) and I'm wondering how much effort is involved in deploying NAC, configuring all of the switches (about 16 - 10 of those are stacks), etc. Goal is to have authenticated access grant connections to the private LAN, otherwise assign a port to the guest network delivering only Internet access. There are about 400 users in this environment. Wireless is currently providing only guest access, so we're not tackling that in this project. Any suggestions, best practices, experiences? Is this a lot of work?
Add-on question: Does anyone know if RSA SecureID can be used as the authentication source for 802.1x auth requests? This client has a fully deployed RSA environment for remote access and rather than deploy another authentication mechanism, I'm thinking it makes sense to use what they already have (given that it's two factor as well). Thoughts?