[unisog] 802.1x

Allen Mundt allenatwork at sbcglobal.net
Tue Sep 27 21:21:53 GMT 2005


We have looked at this briefly ourselves - and also in the Cisco realm.  I 
think you have hinted at the low end, and least workstation-invasive 
implementation, which is to filter by MAC.  There are several other levels. 
At the higher end of the spectrum, a device agent (little piece of SW that 
sits on the workstation) is required.  When you get that level of control, 
you can actually scan for absence or presence of required or prohibited 
software.  Not overly practical in a higher education environment, but may 
work in the office areas, depending on how your networks are segmented.

It's been a while since we have checked, but in the Cisco area, I think this 
may be still evolving, and 'not quite ready for prime time'.

Allen

******************************************************************************************
Allen Mundt

"Remember that if the opportunities for great deeds should never come,
     the opportunities for good deeds are renewed day by day. The thing
         for us to long for is the goodness, not the glory."
              -- F.W. Faber
********************************************************************************************
----- Original Message ----- 
From: "Cary, Kim" <Kim.Cary at pepperdine.edu>
To: <unisog at lists.sans.org>
Sent: Tuesday, September 27, 2005 3:35 PM
Subject: [unisog] 802.1x


> We're looking at 802.1x as a standard for wired connections in our
> network renewal. We want to know who is attaching to our net. We're
> early in our discussions with Cisco on their implementation. I'd be
> interested in this topic and any responses that come back to the net.
>
> As to extending via 'hubs' it's pretty easy to stop hubs (802.1x or not)
> by enabling the multiple MAC prevention feature on your switch. Our more
> recent gear has a timeout associated with the feature. With a reasonable
> timeout, for example 60 seconds, two computers on a hub will cause the
> port to drop traffic for the 'second' MAC address, but not prevent, say,
> two student laptops in different classes scheduled back-to-back in the
> same lecture hall from using the same port during each class session.
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog 
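The port-security behaviour Kim describes above (a port that drops traffic for a second MAC address but lets the entry age out after a timeout, so the next occupant of a lecture-hall seat can use the port), as an added illustration that is not part of the original thread or any vendor's code. It is a small Python model: the `max_macs` and `aging_seconds` parameters, the `PortSecurity` class and the sample frame timelines are all constructed for this example and stand in for whatever the switch's multiple-MAC-prevention feature actually implements.

```python
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    """Model of one switch port with a 'multiple MAC prevention' feature.

    At most `max_macs` source addresses may be active at once, and a learned
    address is forgotten after `aging_seconds` without traffic.  Both settings
    are assumptions chosen to mirror the 60-second timeout in the thread.
    """
    max_macs: int = 1
    aging_seconds: int = 60
    learned: dict = field(default_factory=dict)      # mac -> last time seen
    violations: list = field(default_factory=list)   # (time, mac) of dropped frames

    def _expire(self, now):
        """Forget addresses that have been silent for at least the aging time."""
        stale = [m for m, seen in self.learned.items()
                 if now - seen >= self.aging_seconds]
        for m in stale:
            del self.learned[m]

    def frame(self, src_mac, now):
        """Decide 'forward' or 'drop' for a frame from src_mac at time `now`."""
        src_mac = src_mac.lower()
        self._expire(now)
        if src_mac in self.learned:          # known station keeps its slot alive
            self.learned[src_mac] = now
            return "forward"
        if len(self.learned) < self.max_macs:  # free slot: learn the new station
            self.learned[src_mac] = now
            return "forward"
        self.violations.append((now, src_mac))  # second station on the port
        return "drop"


def simulate(events, max_macs=1, aging_seconds=60):
    """Run a list of (time_in_seconds, src_mac) frames through one port."""
    port = PortSecurity(max_macs, aging_seconds)
    return [(t, mac, port.frame(mac, t)) for t, mac in events]


# Constructed timeline 1: two laptops behind a hub, both talking at once.
# The first station keeps refreshing its timer, so the second never gets in.
HUB_EVENTS = [
    (0, "00:11:22:33:44:aa"),
    (5, "00:11:22:33:44:bb"),
    (10, "00:11:22:33:44:aa"),
    (15, "00:11:22:33:44:bb"),
]

# Constructed timeline 2: one laptop leaves at the end of a class and a
# different one plugs into the same port in the next session.
CLASS_EVENTS = [
    (0, "00:11:22:33:44:aa"),
    (30, "00:11:22:33:44:aa"),
    (120, "00:11:22:33:44:bb"),   # 90 s of silence: the first entry has aged out
]


def decisions(events, **kwargs):
    """Just the forward/drop verdicts, in order, for a timeline."""
    return [verdict for _, _, verdict in simulate(events, **kwargs)]


if __name__ == "__main__":
    for name, events in (("hub", HUB_EVENTS), ("back-to-back classes", CLASS_EVENTS)):
        print(name)
        for t, mac, verdict in simulate(events):
            print(f"  t={t:4d}s  {mac}  {verdict}")
```

The `violations` list is the part a network team would actually want exported: a port that logs repeated drops for a second address is the signature of a hub (or a shared port), while a single hand-off after a quiet gap looks like the normal classroom turnover Kim describes.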