11-11-2020 10:58 AM
APs are mostly authenticated at a switchport to use an automatic configuration of switchport behaviours (VLANs, port authentication, ...) like I mentioned in my “AP-Aware” idea. We need this function as well for authentication and automation to connect access switches to core/distribution/fabric switches. This is for security reasons in case of using distributed switches in office, production, IOT/OT, … to prevent unauthorized usage of the uplink ports as well as a basic function to use automation in a distributed environment.
It is not new to use an 802.1X supplicant on access devices (like APs) to connect to switchports and use automation for on-/offboarding.
More and more small devices in production, healthcare, education environments for headless devices, IOT/OT force us to deliver an easy to deploy and use environment.
br
Volker
12-04-2020 04:41 PM
That means there are substantial benefits to introducing them to Fabric, right?
In legacy networking scenarios, achieving the same automation levels can be more challenging, however not impossible: for instance, a combination of ZTP+ and OSPF/BGP authentication would do a similar trick with EXOS.
So is your request limited to only EXOS then?
BR,
Alex
12-04-2020 03:10 PM
Hello AlexN!
Fabric is not everywhere and cloud as well.
In our customer base 99% of access switches are EXOS, and more than 50% of the distribution/core switches are EXOS as well.
Volker
12-04-2020 03:02 PM
In a fabric environment it’s already the case. With the auto-sense feature added in 8.3 for Zero Touch Fabric, it will cater for a similar scenario.
The mechanism there will not be 802.1X-specific; however, from a security perspective you can use: