Identity Management in 802.1x networks
Uploaded by kamalikamj
Network without Identity Management
[Diagram: the Finance Team, the Project Team and a Visitor all plug into the same two network switches. The switches connect to the private network (Finance Dept and Client Project segments), to the Internet, and to a Microsoft AD, DC and RADIUS (IAS/NPS) server. Nothing on the switch distinguishes one connecting user from another.]
Why is identity management needed in networks
• Security for your network.
• Protecting confidential data.
• Per-project isolation.
What is Identity Management
[Diagram: an identity is made up of the Account ID / Domain, the VLAN membership, the IP address and the MAC address. The network switch ties these together by consulting an Authentication/Authorization server.]
What does an identity-aware network look like?
[Diagram: the same topology, but both network switches are enabled with identity management. The private network is split into a Finance Dept VLAN and a Client Project VLAN; the Finance Team and the Project Team land in their own VLANs and the Visitor lands in a Guest VLAN. The Microsoft AD, DC and RADIUS (IAS/NPS) server supplies the identity decisions.]
Network without VLAN
[Diagram: Finance Team, Project Team and Visitors all connected to one Network Switch.]
Since there is no VLAN isolation in the switch, anyone connecting to the switch has access to everything in the network.
How does VLAN isolation work?
[Diagram: the same Network Switch, with the Finance Team, the Project Team and the Visitors each on a separate VLAN.]
Each VLAN is its own broadcast domain on the switch: ports in different VLANs cannot reach each other at layer 2, so traffic only crosses between them if a router or firewall is configured to forward it.
How does authentication work?
[Diagram: a Project Team user connects to a network switch enabled with identity management; the switch talks to the Microsoft AD, DC and RADIUS (IAS/NPS) server on the private network and places the user in the Client Project VLAN.]
1. The user connects to the network. In 802.1X terms the user's device is the supplicant and the switch is the authenticator.
2. The switch sends the user identity to the authentication server (RADIUS). The switch does not check the credentials itself; it relays the exchange and acts on the answer.
3. RADIUS verifies the Account ID / Domain ID with AD.
4. RADIUS processes the policy set for that user:
   1. Security group
   2. RADIUS attributes (in this case VLAN membership)
5. Based on the information sent by RADIUS, the switch places the user in the corresponding VLAN.
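The five steps above, modelled end to end as an added example (this is not code from the original slides): a constructed stand-in for the AD domain and the NPS network policy decides the answer and builds the VLAN attributes, and a stand-in for the switch applies them. The attribute names and values (Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = VLAN ID) are the real ones from RFC 3580; the accounts, passwords, group names and VLAN numbers are assumptions made for the example.

```python
"""Added example: 802.1X dynamic VLAN assignment, step by step.

Not code from the original slides. The accounts, security groups, VLAN
numbers and passwords below are constructed for illustration; in a real
deployment AD and NPS/IAS hold them. The RADIUS attribute names and
values are the ones defined in RFC 3580.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# RFC 3580: VLAN assignment is carried in these three attributes of an Access-Accept.
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type = IEEE-802
ATTR_VLAN_ID = "Tunnel-Private-Group-ID"   # VLAN ID carried as a string

# Constructed stand-in for the AD domain: (domain, account) -> (password, security groups)
DIRECTORY: Dict[Tuple[str, str], Tuple[str, Set[str]]] = {
    ("CORP", "alice"): ("finance-pw", {"Finance"}),
    ("CORP", "bob"): ("project-pw", {"ClientProject"}),
    ("CORP", "carol"): ("carol-pw", set()),   # valid account, member of no network group
}

# Constructed stand-in for the NPS network policy: security group -> VLAN ID
POLICY: Dict[str, int] = {"Finance": 10, "ClientProject": 20}


@dataclass
class RadiusResponse:
    code: str                                   # "Access-Accept" or "Access-Reject"
    attributes: Dict[str, object] = field(default_factory=dict)


def radius_authorize(domain: str, account: str, password: str) -> RadiusResponse:
    """Steps 3 and 4: verify the Account ID / Domain against AD, then evaluate
    the policy for the user's security group and build the VLAN attributes."""
    entry = DIRECTORY.get((domain.upper(), account.lower()))
    if entry is None or entry[0] != password:
        return RadiusResponse("Access-Reject")          # unknown user or bad credential
    _, groups = entry
    for group, vlan in POLICY.items():                  # first matching policy wins
        if group in groups:
            return RadiusResponse("Access-Accept", {
                "Tunnel-Type": TUNNEL_TYPE_VLAN,
                "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
                ATTR_VLAN_ID: str(vlan),
            })
    # Authenticated, but no policy grants network access: still a reject.
    return RadiusResponse("Access-Reject")


def vlan_from_accept(attrs: Dict[str, object]) -> Optional[int]:
    """Parse the RFC 3580 attribute triple; None if it is absent or malformed."""
    if attrs.get("Tunnel-Type") != TUNNEL_TYPE_VLAN:
        return None
    if attrs.get("Tunnel-Medium-Type") != TUNNEL_MEDIUM_IEEE_802:
        return None
    try:
        vlan = int(str(attrs.get(ATTR_VLAN_ID, "")))
    except ValueError:
        return None
    return vlan if 1 <= vlan <= 4094 else None          # valid 802.1Q VLAN ID range


def switch_authenticate_port(domain: str, account: str, password: str,
                             access_vlan: int = 1, guest_vlan: int = 30) -> int:
    """Steps 1, 2 and 5 from the switch's (authenticator's) point of view.
    The switch never checks the password itself: it hands the identity to
    RADIUS and acts on the answer. Returns the VLAN the port ends up in."""
    response = radius_authorize(domain, account, password)   # step 2 -> steps 3 and 4
    if response.code != "Access-Accept":
        return guest_vlan            # failed auth lands in the guest VLAN, never a production one
    vlan = vlan_from_accept(response.attributes)
    if vlan is None:
        # Accept without a usable VLAN attribute: keep the port's configured VLAN.
        # Some platforms fail the session here instead; check your switch's behaviour.
        return access_vlan
    return vlan                      # step 5: port moved to the VLAN RADIUS named


if __name__ == "__main__":
    for who in [("CORP", "alice", "finance-pw"),   # Finance Team  -> VLAN 10
                ("CORP", "bob", "project-pw"),     # Project Team  -> VLAN 20
                ("CORP", "alice", "wrong"),        # bad password  -> guest VLAN 30
                ("CORP", "visitor", "")]:          # no account    -> guest VLAN 30
        print(who[1], "->", switch_authenticate_port(*who))
```

The two failure modes worth noticing are the ones the slides' visitor case relies on: a rejected or unknown user must fall into the guest VLAN rather than the port's configured VLAN, and an Access-Accept that carries no valid VLAN attribute must not be treated as a grant of the requested VLAN. NPS sends exactly these three attributes when "VLAN" is configured in the network policy's RADIUS attributes, so the parsing above matches what a real switch receives.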
Questions?