Holistic view of 802.1x integration & optimization
High level design, with visual paradigm
Presentation by: Faisal Md Abdur Rahman, BDPEER | faisal.rahman@bdpeer.com | www.bdpeer.com Phone: +8801687477308
What we will talk about
 Campus network in practice
 Security in practice
 802.1x, PEAP, EAP-TLS, EAP-FAST explained for campus network
 Policy based access control
 Network Admission Control (NAC)
 Introducing NAC appliance
 Secure network design with NAC for LAN & WLAN network
 Device profiling, posture check, guest redirection explained
 A case study scenario.
We will not talk about
 Network design (routing, switching, WAN technologies)
 Network Quality of Service for routing & switching
 Basic WLAN infrastructure design.
 Network design models will not be discussed in detail.
Campus Area Network (CAN)
 The network consists of switches, routers and firewalls.
 The network infrastructure is owned and operated by the organization itself.
 A CAN spans an area of roughly 1 km to 5 km.
 Users are free to use network resources once they are inside the campus perimeter.
CAN Pros & Cons
Advantages
 Easy to build and maintain.
 Open to all personal hand-held devices and laptops.
 Resources are easy to share and store within the network and can be reached from anywhere inside it.
 Network resources stay inside the network, firewalled from external threats.
 Users use a secure login (SSO, e.g. Shibboleth) to access resources within the network.
Disadvantages
 Identity can be tampered with: an unauthorized user holding valid credentials can reach resource locations inside the network that they are not entitled to, while the system records the access as made by an authorized person.
 User rights stay the same across the entire network regardless of which device the user is on or which network location the user comes from.
 Transparent to any firewall / IPS / IDS appliance.
 Device authorization scope is very limited and not dynamic.
 Management is slow, and authentication / authorization events are not visible to the network administrator.
CAN Pros & Cons
 Identity loss or unauthorized access (using a valid credential) is never detected if the intruder does no harm to resources.
 Authorized users can access network resources from any device that supports local network-based authentication / SSO (e.g. AD, OpenLDAP, Shibboleth, OTP, RADIUS).
 Any device can access the network even if it is not security compliant (e.g. out-of-date patches, AV definitions or applications).
 Guest management is painful: giving guests network access costs the network administrator extra effort and time to manage a new network.
 Device isolation per service is complicated.
CAN security in practice
[Diagram: External threat prevention: IPS/IDS, PBR, zone-based firewall. Internal threat prevention: AD, OTP, openLDAP, RSA token, system hardening, DLP, awareness.]
CAN proposed network security
[Diagram: Identity Service Engine at the core, tied to network security, the LAN network and VPN access. Identity sources: AD, OTP, internal CA, external RADIUS, external MDM. Access layer: switched network, wireless network (WLAN controller, lite AP, AP), mobility services. Posture assessment: agent-less and agent-based.]
CAN proposed security features
[Diagram: feature map. Device profiling: automatic, manual. BYOD: device registration redirection, dynamic profile allocation, TLS handshake. Posture check: posture profiling, posture object, dynamic access control. Policy based: MAB, 802.1x. Guest redirection: user/device redirection, guest management.]
Authentication method explained
 MAC Authentication Bypass
Method of exempting a device's MAC address from the 802.1x authentication process when it is detected on an 802.1x-enabled port; the device is authorized by its MAC address instead.
 802.1x based authentication
Method of forwarding the 802.1x request to the Identity Source server (AD, openLDAP etc.) through the Access Server.
**NAD devices (switches, routers, firewalls, virtual network devices) establish communication with the Access Server using a pre-shared key before forwarding 802.1x requests to it.
The Access Server collects all authentication requests and forwards them to the appropriate identity source.
Protocols for authentication
 RADIUS
 PEAP or Protected Extensible Authentication Protocol
 EAP-TLS or certificate based authentication.
 EAP-FAST to carry both TLS and non-TLS authentication.
Inner methods
 MSCHAPv2, MSCHAP, MD5
 TLS
802.1x components configuration
 The 802.1x server (Access Server) must have the switches / wireless controllers added, each with a defined pre-shared key.
 802.1x enabled on the switch ports.
 Switch / wireless controller configured to contact the Access Server using the pre-shared key.
 Dynamic authorization enabled (if supported by the NAD devices).
 User PCs / servers / VMs need an 802.1x supplicant enabled (Windows or Linux built-in, or a third-party supplicant like Cisco AnyConnect).
 Finally, the corresponding rules for 802.1x authentication & authorization.
MAB configuration components
 Access server configuration for 802.1x exception
 Switch port MAB enablement configuration
 Open SSIDs in WLAN to be configured for MAB for guest redirection.
Policy based dynamic access
 Can be achieved using Microsoft NPS (no posture, device profiling, MDM integration or BYOD; needs a Windows Server 2K8 or 2K12 Enterprise license).
 Can be achieved using Cisco ISE (licensed product; needs a feature-unlock license).
 Can be achieved using OpenNAC (open source; no posture).
 Can be achieved using PacketFence (open source; supports almost everything).
Dynamic NAC process
[Flow chart: Learn MAC → Start IEEE 802.1x. IEEE 802.1x fails → Retries exceeded? (N: retry; Y: continue). MAB configured? → MAB pass? → MAB Authorization. Otherwise Web-Auth? → Web-Auth passed → Web-Authorization. Otherwise Auth Fail? → Auth-Fail VLAN if defined, else No Access with Restart Timer; when the restart time or quiet period expires the cycle starts again at IEEE 802.1x. Y/N labels mark the exits of each decision diamond.]
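The fallback chain in the flow chart above, modelled as an added Python example (not from the slides or any vendor's code); the port policy, endpoint and identity store are constructed stand-ins, and the domain bdnog2016.org is reused from the implementation summary:

```python
"""Model of the 802.1x -> MAB -> Web-Auth -> Auth-Fail VLAN fallback chain from
the 'Dynamic NAC process' flow chart. Added example: a constructed model, not the
slides' or any vendor's implementation."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PortPolicy:
    """Constructed per-port settings; each field is one decision diamond."""
    dot1x_max_retries: int = 2            # 'Retries exceeded?'
    mab_configured: bool = False          # 'MAB configured?'
    webauth_configured: bool = False      # 'Web-Auth?'
    auth_fail_vlan: Optional[int] = None  # 'Auth-Fail VLAN' (None = not defined)


@dataclass
class Endpoint:
    """Constructed view of the device seen on the port ('Learn MAC')."""
    mac: str
    supplicant_user: Optional[str] = None  # None = no 802.1x supplicant running
    portal_user: Optional[str] = None      # what the user types into the web portal


@dataclass
class IdentityStore:
    """Constructed stand-in for the access server's identity sources."""
    dot1x_users: set = field(default_factory=set)
    mab_macs: set = field(default_factory=set)
    portal_users: set = field(default_factory=set)


def run_nac_flow(policy: PortPolicy, endpoint: Endpoint, store: IdentityStore):
    """Walk the flow chart once for a newly learned MAC; return (outcome, detail)."""
    # 'Start IEEE 802.1x': retry until the supplicant authenticates or the
    # retry budget is exhausted ('IEEE 802.1x fails' + 'Retries exceeded?').
    for attempt in range(1, policy.dot1x_max_retries + 1):
        if endpoint.supplicant_user in store.dot1x_users:
            return "dot1x-authorized", f"802.1x passed on attempt {attempt}"
    # 802.1x did not succeed; 'MAB configured?' -> 'MAB pass?' -> MAB Authorization.
    if policy.mab_configured and endpoint.mac.lower() in store.mab_macs:
        return "mab-authorized", f"MAB Authorization for known MAC {endpoint.mac}"
    # MAB absent or failed; 'Web-Auth?' -> 'Web-Auth Passed' -> Web-Authorization.
    if policy.webauth_configured and endpoint.portal_user in store.portal_users:
        return "webauth-authorized", f"Web-Authorization for {endpoint.portal_user}"
    # 'Auth Fail?' = Y: Auth-Fail VLAN if defined, otherwise No Access until the
    # restart timer / quiet period expires and the cycle begins again.
    if policy.auth_fail_vlan is not None:
        return "auth-fail-vlan", f"restricted access in VLAN {policy.auth_fail_vlan}"
    return "no-access", "port stays unauthorized; restart timer / quiet period running"


# Constructed sample data: one 802.1x user, one MAB device (e.g. a printer), one guest.
SAMPLE_STORE = IdentityStore(
    dot1x_users={"alice@bdnog2016.org"},
    mab_macs={"00:11:22:33:44:55"},
    portal_users={"guest1"},
)
FULL_POLICY = PortPolicy(mab_configured=True, webauth_configured=True, auth_fail_vlan=10)
BARE_POLICY = PortPolicy()  # 802.1x only: no fallback of any kind


def demo() -> dict:
    """Run representative endpoints through both port policies; keyed by scenario."""
    cases = {
        "supplicant-ok": (FULL_POLICY, Endpoint("aa:bb:cc:00:00:01", supplicant_user="alice@bdnog2016.org")),
        "printer-mab": (FULL_POLICY, Endpoint("00:11:22:33:44:55")),
        "guest-portal": (FULL_POLICY, Endpoint("aa:bb:cc:00:00:02", portal_user="guest1")),
        "unknown-device": (FULL_POLICY, Endpoint("aa:bb:cc:00:00:03")),
        "unknown-on-bare-port": (BARE_POLICY, Endpoint("aa:bb:cc:00:00:03")),
        "printer-on-bare-port": (BARE_POLICY, Endpoint("00:11:22:33:44:55")),
    }
    return {name: run_nac_flow(pol, ep, SAMPLE_STORE)[0] for name, (pol, ep) in cases.items()}


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:22s} -> {outcome}")
```

The last two scenarios show why the MAB slide matters: the same printer is authorized on the fully configured port and left without access on a port where only 802.1x is enabled.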
Implementation summary
 Deploying AD with domain name “bdnog2016.org”. (Optional)
 Deploying Certificate server (Microsoft CA, Entrust CA, OpenSSL etc.) (Optional)
 Deploying external RADIUS server. (Optional)
 Deploying OTP server (Optional)
 Deploying Identity Service Solution (ISE, Open-NAC or PacketFence). (mandatory)
 Select a supported NAD device. The Cisco WS-C2960+24PC-L is ideal for this operation; specific Dell Force10 and PowerConnect models can also be used.
 Use a wireless controller (Cisco WLC, Aruba, Chillispot for dwrt-based APs, etc.).
CASE STUDY SCENARIO: ISE
DISCUSSION OF A STUDY THAT HAS ALREADY BEEN IMPLEMENTED AND IS FUNCTIONAL IN ONE OF THE
LARGEST NGOs IN BANGLADESH, WITH ALL 87 BRANCHES CONNECTED USING AN MPLS BACKBONE
Solution High Level Design
Placement in network
 Recommended to deploy in the server zone. Not necessary to deploy in the DMZ, as the service will be used by users within the organization.
 Must have strict firewall policies that permit only the ports needed for 802.1x, RADIUS, web-portal redirection & posture redirection.
 The Wireless LAN Controller can be placed on an L2 or L3 network (use the FQDN, published through the enterprise Domain Controller).
 All NAD devices (switches, firewalls, Wireless LAN Controllers) should be able to communicate with both ISE servers.
Advanced placement issues
 Do not place the ISE or NAC servers in the Access Zone.
 Try to create a separate zone for ease of policing and mitigation of security issues.
 If decentralized DHCP broadcast is used (as in an L3 MPLS setup), try the FlexConnect option at the branch AP.
 Use Flex-ACL and AP-Group policy to make management easy and to ensure session control for web redirection (avoids 500 Internal Error).
NAD configuration (Switch)
Switch-Global configuration
-----------------------------
Switch(config)# aaa new-model
Switch(config)# radius-server host 10.10.2.250
Switch(config)# radius-server key <mykey>
Switch(config)# aaa authentication dot1x default group radius local
Switch(config)# dot1x system-auth-control
Switch(config)# aaa authorization network default group radius
Switch(config)# radius-server vsa send authentication
Switch(config)# radius-server vsa send accounting
Switch(config)# radius-server attribute 6 on-for-login-auth
Switch(config)# radius-server attribute 8 include-in-access-req
Switch(config)# radius-server attribute 25 access-request include
Switch(config)# ip device tracking
! ip device tracking is a global command on classic IOS (moved here from the port
! section); the switch needs it to learn client IPs for web redirection and dACLs.

Port Configuration
------------------------------
Switch(config-if)# switchport mode access
Switch(config-if)# authentication event fail action next-method
Switch(config-if)# authentication event server dead action authorize vlan 10
Switch(config-if)# authentication event server alive action reinitialize
Switch(config-if)# authentication host-mode multi-auth
Switch(config-if)# no authentication open
! closed mode is the default and is expressed as the negation of "authentication open":
! no traffic passes before the session is authorized
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication violation restrict
Switch(config-if)# mab
! mab is the "next method" that the fail action above falls back to
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# spanning-tree portfast
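An added Python check (not from the slides or Cisco) that lints a switch running-config for the 802.1x settings listed above and flags a monitor-mode port and a fail-to-next-method port with no MAB; the sample configuration is constructed from the slide's commands, with one port deliberately weakened:

```python
"""Lint a Cisco IOS switch config for the 802.1x settings on the NAD slide.
Added example, not from the slides or Cisco; the sample config is constructed."""
import re

REQUIRED_GLOBAL = {
    "aaa new-model",
    "dot1x system-auth-control",
    "aaa authentication dot1x default group radius local",
    "aaa authorization network default group radius",
}
REQUIRED_PER_PORT = {
    "switchport mode access",
    "authentication port-control auto",
    "dot1x pae authenticator",
}


def parse_ios(text: str):
    """Split a running-config into top-level lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not line.startswith(" "):      # a top-level command ends any block
            current = None
            m = re.match(r"interface (\S+)$", line)
            if m:
                current = m.group(1)
                interfaces[current] = []
            else:
                global_lines.append(line.strip())
        elif current is not None:         # indented line inside an interface
            interfaces[current].append(line.strip())
    return global_lines, interfaces


def lint_dot1x(text: str) -> list:
    """Return human-readable findings; an empty list means the checks passed."""
    findings = []
    global_lines, interfaces = parse_ios(text)
    for cmd in sorted(REQUIRED_GLOBAL - set(global_lines)):
        findings.append(f"global: missing '{cmd}'")
    if not any(l.startswith(("radius-server host", "radius server ")) for l in global_lines):
        findings.append("global: no RADIUS server defined, so no Access Server to ask")
    for name, lines in interfaces.items():
        lset = set(lines)
        # Only ports meant to authenticate are judged; uplinks and trunks are skipped.
        if not lset & {"dot1x pae authenticator", "authentication port-control auto"}:
            continue
        for cmd in sorted(REQUIRED_PER_PORT - lset):
            findings.append(f"{name}: missing '{cmd}'")
        if "authentication open" in lset:
            findings.append(f"{name}: 'authentication open' (monitor mode) passes traffic before authentication")
        if "authentication event fail action next-method" in lset and "mab" not in lset:
            findings.append(f"{name}: fail action is next-method but 'mab' is not enabled, so there is no next method")
    return findings


# Constructed sample: the slide's commands on Gi1/0/1, a weakened copy on Gi1/0/2,
# and an uplink that is not an 802.1x port at all.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 10.10.2.250
radius-server key <mykey>
aaa authentication dot1x default group radius local
dot1x system-auth-control
aaa authorization network default group radius
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication event fail action next-method
 authentication event server dead action authorize vlan 10
 authentication host-mode multi-auth
 authentication port-control auto
 authentication violation restrict
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication open
 authentication event fail action next-method
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

if __name__ == "__main__":
    for finding in lint_dot1x(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```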
NAD Configuration (WLC)
 Remote APs should be in FlexConnect mode.
 Permit & Deny ACLs should be configured on the WLC and referenced in the ISE policy so they can be dynamically allocated to wireless users.
 A redirection ACL should be configured on the WLC (for Flex APs the ACL is a Flex ACL, with a similarly named empty ACL in the normal ACL list).
Enjoy 802.1x
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋nirzagarg
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 

Último (20)

APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 

Holistic view of 802.1x integration & optimization

• 1. Holistic view of 802.1x integration & optimization
High level design, with visual paradigm
Presentation by: Faisal Md Abdur Rahman, BDPEER | faisal.rahman@bdpeer.com | www.bdpeer.com Phone: +8801687477308
• 2. What we will talk about
 Campus network in practice
 Security in practice
 802.1x, PEAP, EAP-TLS, EAP-FAST explained for campus network
 Policy based access control
 Network Admission Control (NAC)
 Introducing NAC appliance
 Secure network design with NAC for LAN & WLAN network
 Device profiling, posture check, guest redirection explained
 A case study scenario.
• 3. We will not talk about
 Network design (routing, switching, WAN technologies)
 Network Quality of Service for routing & switching
 Basic WLAN infrastructure design.
 Not going to discuss network design models in detail.
• 4. Campus Area Network (CAN)
 The network consists of switches, routers and firewalls.
 The network infrastructure is owned and operated by the organization itself.
 A CAN spans an area of roughly 1 km to 5 km.
 Users within the network are free to use network resources once they are inside the campus perimeter.
• 5. CAN Pros & Cons
Advantages
 Easy to build and maintain.
 Open to all: personal hand-held devices or laptops.
 Easy sharing and storage of resources within the network, with access from anywhere within the network.
 Network resources stay within the network and are firewalled from external threats.
 Users use secure login (SSO, i.e. Shibboleth) technology to access resources within the network.
• 6. CAN Pros & Cons
Disadvantages
 Identity can be tampered with. An unauthorized user holding valid credentials can reach resource locations within the network that they are not entitled to, while the system records the access as made by the authorized person.
 User rights are the same across the entire network, regardless of which device the user is using or which network location the user is coming from.
 Transparent to any firewall / IPS / IDS appliance.
 Device authorization scope is very limited and not dynamic.
 Management is slow, and authentication / authorization events are not visible to the network administrator.
• 7. CAN Pros & Cons (continued)
 Identity loss or unauthorized access (using valid credentials) is never detected if the intruder does no harm to resources.
 Authorized users can access network resources from any device that supports local network-based authentication / SSO (i.e. AD, OpenLDAP, Shibboleth, OTP, RADIUS).
 Any device can access the network even if it is not security compliant (i.e. outdated patches, AV definitions or applications).
 Guest management is painful. Giving guests access to the network costs the network administrator extra effort and time to manage a new network.
 Device isolation for service is complicated.
• 8. (no transcribed text on this slide)
• 9. CAN security in practice
(Diagram labels: External Threat prevention, Internal Threat prevention; IPS / IDS, PBR, Zone based Firewall, AD, OTP, openLDAP, RSA Token, System hardening, DLP, awareness.)
• 10. CAN proposed network security
(Diagram labels: Identity Service Engine, Core Network Security, LAN Network, VPN Access, Identity source, External RADIUS, External MDM, Wireless network, Switched network, AD, Mobility Services, Agent less, Agent based, OTP, Internal CA, WLAN Controller, Lite AP, AP.)
• 11. CAN proposed security features
(Feature diagram)
 Device profiling: Automatic, Manual
 BYOD: Device registration redirection, Dynamic profile allocation, TLS handshake
 Posture check: Posture profiling, Posture object
 Dynamic access control: MAB, Policy based 802.1x
 Guest redirection: User / device redirection, Guest mgmt.
• 12. Authentication method explained
 MAC Authentication Bypass: a method of exempting MAC addresses from the 802.1x authentication process when they are detected on an 802.1x enabled port.
 802.1x based authentication: a method of forwarding 802.1x requests to the Identity Source server (AD, openLDAP etc.) through the Access Server.
** NAD devices (switch, router, firewall, virtual network devices) establish communication with the Access Server using a pre-shared key before sending 802.1x requests to it. The Access Server collects all authentication requests and forwards them accordingly.
• 13. Protocols for authentication
 RADIUS
 PEAP or Protected Extensible Authentication Protocol
 EAP-TLS or certificate based authentication.
 EAP-FAST to carry both TLS and non-TLS authentication.
Inner methods
 MSCHAPv2, MSCHAP, MD5
 TLS
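The pre-shared key between the NAD and the Access Server (slide 12) does real work inside RADIUS: it hides the User-Password, it keys the Message-Authenticator that proves a request came from a switch holding the key, and it goes into the Response Authenticator that lets the switch reject a reply forged by anyone who does not hold it. The block below is an added example, not code from the presentation, that encodes a MAB Access-Request the way a switch would (MAC as both User-Name and User-Password, Service-Type Call-Check) and an Access-Accept carrying a dynamic VLAN, with both integrity checks. The NAS IP, MAC address and key value are constructed sample data.

```python
import hashlib
import hmac
import socket
import struct

# Packet codes and attribute numbers from RFC 2865 / RFC 2868 / RFC 3579
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE = 1, 2, 4, 6
CALLING_STATION_ID, NAS_PORT_TYPE = 31, 61
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, MESSAGE_AUTHENTICATOR, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 80, 81
SERVICE_TYPE_CALL_CHECK = 10   # tells the server this is an address check (MAB), not a user login
NAS_PORT_TYPE_ETHERNET = 15
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE802 = 13, 6

def _attr(atype, value):
    """One attribute: Type | Length (covers type, length and value) | Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def parse_attrs(payload):
    """Decode an attribute list into (type, value) pairs, rejecting truncated entries."""
    attrs, i = [], 0
    while i + 2 <= len(payload):
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("malformed RADIUS attribute")
        attrs.append((atype, payload[i + 2:i + alen]))
        i += alen
    return attrs

def hide_user_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def reveal_user_password(hidden, secret, authenticator):
    """Server side of the same stream: only the right secret yields the original password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_mab_access_request(mac, nas_ip, secret, ident, authenticator):
    """What the switch sends for a MAB port: the MAC address is both User-Name and User-Password."""
    mac_user = mac.replace(":", "").replace("-", "").lower().encode()
    attrs = (_attr(USER_NAME, mac_user)
             + _attr(USER_PASSWORD, hide_user_password(mac_user, secret, authenticator))
             + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + _attr(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_CALL_CHECK))
             + _attr(CALLING_STATION_ID, mac.upper().replace(":", "-").encode())
             + _attr(NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_ETHERNET))
             + _attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16))   # zeroed while the HMAC is computed
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs
    # RFC 3579: HMAC-MD5 keyed with the shared secret over the whole packet, then filled in
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def message_authenticator_ok(packet, secret):
    """Server-side proof that the request came from a NAD that holds the shared secret."""
    off = 20
    for atype, value in parse_attrs(packet[20:]):
        if atype == MESSAGE_AUTHENTICATOR:
            zeroed = packet[:off + 2] + b"\x00" * 16 + packet[off + 18:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
        off += 2 + len(value)
    return False

def build_access_accept(request, secret, vlan):
    """Access-Accept carrying a dynamic VLAN via RFC 2868 tunnel attributes (tag byte 0 = untagged)."""
    attrs = (_attr(TUNNEL_TYPE, b"\x00" + struct.pack("!I", TUNNEL_TYPE_VLAN)[1:])
             + _attr(TUNNEL_MEDIUM_TYPE, b"\x00" + struct.pack("!I", TUNNEL_MEDIUM_IEEE802)[1:])
             + _attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + vlan.encode()))
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs

def response_ok(response, request, secret):
    """NAD-side check: a reply built without the shared secret fails this and must be ignored."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def assigned_vlan(response):
    """Pull the VLAN name/number out of Tunnel-Private-Group-ID, skipping an optional tag byte."""
    for atype, value in parse_attrs(response[20:]):
        if atype == TUNNEL_PRIVATE_GROUP_ID:
            return (value[1:] if value and value[0] <= 0x1F else value).decode()
    return ""
```

The Request Authenticator must be 16 fresh random bytes per request on a real switch (use `os.urandom(16)`); the tests use a fixed value only to keep results reproducible. Note that User-Password hiding is MD5-based obfuscation, not encryption, which is why RADIUS between NAD and Access Server belongs on a management segment that the firewall policy on slide 21 restricts to those peers.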
• 14. 802.1x components configuration
 The 802.1x server or Access Server needs the switches / wireless controller added, with a pre-shared key defined.
 Switch port 802.1x enablement.
 Switch / wireless controller configured to contact the Access Server using the pre-shared key.
 Dynamic authorization enablement (if supported by the NAD devices).
 User PC / server or VM needs an 802.1x supplicant enabled (Windows or Linux built-in, or a third-party supplicant like Cisco AnyConnect).
 Finally, the corresponding rules for 802.1x authentication & authorization.
• 15. MAB configuration components
 Access server configuration for 802.1x exceptions
 Switch port MAB enablement configuration
 Open SSIDs in the WLAN configured for MAB for guest redirection.
• 16. Policy based dynamic access
 Can be achieved using Microsoft NPS (no posture, device profiling, MDM integration or BYOD; needs a Windows Server 2K8 / 2K12 Enterprise license).
 Can be achieved using Cisco ISE (licensed product; needs feature unlock licenses).
 Can be achieved using OpenNAC (open-source, no posture).
 Can be achieved using PacketFence (open-source, supports almost everything).
• 17. Dynamic NAC process
(Flowchart; node labels: Learn MAC, Start IEEE 802.1x, IEEE 802.1x Fails?, Retries Exceeded?, Failover?, MAB configured?, MAB Pass?, MAB Authorization, Web-Auth?, Web-Auth Passed?, Web-Authorization, Auth Fail?, Auth-Fail VLAN, Restart Timer, Restart Time Expire, No Access, Quiet Period Expire; branches marked Y / N.)
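The flowchart on this slide, written out as a decision function so the order of fallbacks (802.1x, then MAB, then Web-Auth, then Auth-Fail VLAN or no access) can be read and tested. This is an added example, not the author's code: the PortPolicy and Endpoint fields, the retry budget and the scenario values are constructed assumptions, and the chart's "Failover?" node is not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class PortPolicy:
    """Constructed port settings mirroring the decision points on the slide."""
    dot1x_max_retries: int = 2            # EAPOL retries before 'Retries Exceeded'
    mab_configured: bool = True
    webauth_configured: bool = False
    auth_fail_vlan: Optional[str] = None  # e.g. "VLAN 99"; None means no Auth-Fail VLAN


@dataclass
class Endpoint:
    """Constructed view of the connecting host as the switch observes it."""
    mac: str
    has_supplicant: bool                  # answers EAPOL at all?
    dot1x_credentials_ok: bool = False
    mac_known_to_server: bool = False     # result of the MAB lookup at the access server
    passes_webauth: bool = False


def nac_decision(ep: Endpoint, pol: PortPolicy) -> Tuple[str, List[str]]:
    """Walk the flowchart once and return (outcome, list of visited nodes)."""
    trace = ["Learn MAC", "Start IEEE 802.1x"]
    # 802.1x phase: a supplicant with good credentials is authorized straight away
    if ep.has_supplicant and ep.dot1x_credentials_ok:
        trace.append("IEEE 802.1x Fails? N")
        return "802.1x Authorization", trace
    if ep.has_supplicant:
        trace.append("IEEE 802.1x Fails? Y")          # explicit EAP-Failure from the server
    else:
        # no EAPOL answer: the switch retries until the retry budget is exhausted
        for attempt in range(1, pol.dot1x_max_retries + 1):
            trace.append(f"Retries Exceeded? N (retry {attempt})")
        trace.append("Retries Exceeded? Y")
    # MAB phase (next-method fallback)
    trace.append(f"MAB configured? {'Y' if pol.mab_configured else 'N'}")
    if pol.mab_configured:
        if ep.mac_known_to_server:
            trace.append("MAB Pass? Y")
            return "MAB Authorization", trace
        trace.append("MAB Pass? N")
    # Web-Auth phase
    trace.append(f"Web-Auth? {'Y' if pol.webauth_configured else 'N'}")
    if pol.webauth_configured:
        if ep.passes_webauth:
            trace.append("Web-Auth Passed? Y")
            return "Web-Authorization", trace
        trace.append("Web-Auth Passed? N")
    # Every method failed: Auth-Fail VLAN if one exists, otherwise no access until the quiet period expires
    trace.append("Auth Fail? Y")
    if pol.auth_fail_vlan:
        trace += ["Auth-Fail VLAN", "Restart Timer"]
        return f"Auth-Fail VLAN ({pol.auth_fail_vlan})", trace
    trace += ["No Access", "Quiet Period Expire"]
    return "No Access", trace


if __name__ == "__main__":
    printer = Endpoint("aa:bb:cc:dd:ee:02", has_supplicant=False, mac_known_to_server=True)
    outcome, path = nac_decision(printer, PortPolicy())
    print(outcome)
    print(" -> ".join(path))
```

The trace is the part worth keeping in a real deployment: when a port ends up in "No Access" or the Auth-Fail VLAN, knowing which branch was taken (timed-out supplicant versus rejected credentials versus unknown MAC) is what separates a misconfigured printer from a rejected user.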
• 18. Implementation summary
 Deploying AD with the domain name “bdnog2016.org”. (Optional)
 Deploying a certificate server (Microsoft CA, Entrust CA, OpenSSL etc.). (Optional)
 Deploying an external RADIUS server. (Optional)
 Deploying an OTP server. (Optional)
 Deploying the Identity Service solution (ISE, OpenNAC or PacketFence). (Mandatory)
 Select a supported NAD device. Cisco WS-C2960+24PC-L is ideal for this operation. We can also select Dell Force10 switches or specific PowerConnect models.
 Using a wireless controller (Cisco WLC, Aruba, Chillispot for dwrt based APs etc.).
• 19. Case study scenario: ISE
Discussion of a study that has already been implemented and is functional in one of the largest NGOs in Bangladesh, across all 87 branches connected using an MPLS backbone.
• 20. Solution High Level Design (diagram)
• 21. Placement in network
 Recommended to deploy in the server zone. Not necessary to deploy in the DMZ, as the service will be used by users within the organization.
 Must have secure firewall policies that permit only the ports needed for 802.1x, RADIUS, web-portal redirection & posture redirection.
 The Wireless LAN Controller can be placed on the L2 network or the L3 network (use FQDN broadcast using the enterprise Domain Controller).
 All NAD devices (switches, firewall, Wireless LAN Controller) should be able to communicate with both ISE servers.
• 22. Advanced placement issues
 Do not place the ISE or NAC servers in the Access Zone.
 Try to create a separate zone for ease of policing and security issue mitigation.
 If de-centralized DHCP broadcast is used (in the case of L3 MPLS), try the FlexConnect option at the branch AP.
 Use Flex-ACL and AP-Group policy to make management easy and to ensure session control for web-redirection (avoids 500 Internal Error).
• 23. NAD configuration (Switch)
Switch-Global configuration
-----------------------------
Switch(config)# aaa new-model
Switch(config)# radius-server host 10.10.2.250
Switch(config)# radius-server key <mykey>
Switch(config)# aaa authentication dot1x default group radius local
Switch(config)# dot1x system-auth-control
Switch(config)# aaa authorization network default group radius
Switch(config)# radius-server vsa send authentication
Switch(config)# radius-server attribute 6 on-for-login-auth
Switch(config)# radius-server attribute 8 include-in-access-req
Switch(config)# radius-server attribute 25 access-request include
Switch(config)# radius-server vsa send accounting
! ip device tracking is a global-mode command on Catalyst IOS (the interface form is "ip device tracking maximum");
! it keeps the IP-to-MAC binding that URL redirection and downloadable ACLs depend on.
Switch(config)# ip device tracking
Port Configuration
------------------------------
Switch(config-if)# switchport mode access
Switch(config-if)# authentication event fail action next-method
Switch(config-if)# authentication event server dead action authorize vlan 10
Switch(config-if)# authentication event server alive action reinitialize
Switch(config-if)# authentication host-mode multi-auth
Switch(config-if)# authentication closed
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication violation restrict
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# spanning-tree portfast
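Slides 14 and 23 together define a baseline (AAA and RADIUS globals, `dot1x system-auth-control`, and per access port `authentication port-control auto`, `dot1x pae authenticator` and, for the MAB fallback from slide 15, `mab`). A port that is missing `authentication port-control auto` stays force-authorized, so a quick audit of the running-config is a useful check before trusting that 802.1x is enforced. The block below is an added example, not part of the presentation: a small IOS-style config parser and audit over a constructed sample config; the interface names, the command prefixes treated as required and the impact text are assumptions drawn from the slides.

```python
from typing import Dict, List

# Constructed sample running-config modelled on the slide's commands (not captured from a real device)
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 10.10.2.250
radius-server key mykey
aaa authentication dot1x default group radius local
dot1x system-auth-control
radius-server vsa send authentication
ip device tracking
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication port-control auto
 authentication violation restrict
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 dot1x pae authenticator
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

# Global commands every 802.1x-enabled switch needs (prefix match, so host and key values may differ)
REQUIRED_GLOBAL = [
    "aaa new-model",
    "radius-server host ",
    "radius-server key ",
    "aaa authentication dot1x default group radius",
    "aaa authorization network default group radius",
    "dot1x system-auth-control",
]
# Per-access-port commands: (command, what is lost without it)
REQUIRED_PORT = [
    ("authentication port-control auto", "port stays force-authorized, traffic allowed without any check"),
    ("dot1x pae authenticator", "switch does not act as the 802.1x authenticator on this port"),
    ("mab", "no MAB fallback for printers, phones or guest redirection"),
]


def parse_ios_config(text: str) -> Dict[str, List[str]]:
    """Split an IOS-style config into {'global': [...], '<interface name>': [...]} (constructed parser)."""
    sections: Dict[str, List[str]] = {"global": []}
    current = "global"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = "global"          # '!' terminates an interface block in IOS output
            continue
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            sections[current] = []
            continue
        if line.startswith(" ") and current != "global":
            sections[current].append(line.strip())
        else:
            current = "global"
            sections["global"].append(line.strip())
    return sections


def audit_dot1x(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the config matches the slide's baseline."""
    sections = parse_ios_config(text)
    findings: List[str] = []
    for prefix in REQUIRED_GLOBAL:
        if not any(cmd.startswith(prefix) for cmd in sections["global"]):
            findings.append(f"global: missing '{prefix.strip()}'")
    for name, cmds in sections.items():
        if name == "global" or "switchport mode access" not in cmds:
            continue                    # trunks and uplinks are out of scope for port authentication
        for command, impact in REQUIRED_PORT:
            if not any(cmd == command or cmd.startswith(command + " ") for cmd in cmds):
                findings.append(f"{name}: missing '{command}' ({impact})")
    return findings


if __name__ == "__main__":
    for finding in audit_dot1x(SAMPLE_CONFIG):
        print(finding)
```

Run it against `show running-config` output saved to a file to get one line per gap; extend REQUIRED_PORT with the `authentication event` and `authentication violation` commands from the slide if those are mandatory in your design.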
• 24. NAD Configuration (WLC)
 Remote APs should be in FlexConnect mode.
 Permit & deny ACLs should be configured on the WLC and referenced in the ISE policy so they can be allocated dynamically to wireless users.
 A redirection ACL should be configured on the WLC (for Flex APs the ACL will be a Flex-ACL, while a similar empty ACL will be a normal ACL).
• 25. Enjoy 802.1x