Network Computing is part of the Informa Tech Division of Informa PLC


Rolling Review Introduction: Switching Infrastructure: Page 4 of 8

Mike Fratto is Lead Analyst for the NAC Immersion Center and is Managing Editor/Labs for InformationWeek.

Sidebar: Playing Nice With 802.1X
While 802.1X port authentication ensures that only authenticated users can access the network, it's not without its headaches and can, in fact, be the bane of automation. In a perfect world, you'd be able to plug any device into any port and the port would respond properly. However, an 802.1X port in an unauthenticated state, by default, denies all traffic. For example, LLDP and LLDP-MED, the link layer discovery protocols that IP phones use to request configuration information, can't pass through the port until the phone authenticates, and other protocols, like Wake-On-LAN and the PXE boot agents used to automate desktop deployments, are equally affected.

Several strategies can enable automation in an 802.1X environment. In smaller networks where you control physical access, you can manually define which ports are 802.1X-enabled and which aren't, and ensure that hosts are connected to the appropriate ports. However, policing physical connections is difficult when you have a lot of hosts. Most switches can be configured to place a port into a default VLAN if no supplicant responds to 802.1X, or to move a port to a designated VLAN and open it if 802.1X authentication fails. Alternatively, MAC-based authentication can be used to get an IP phone online.
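As an added illustration of the three fallback strategies just described (no-response VLAN, auth-fail VLAN and MAC-based authentication), here is an example Cisco IOS access-port configuration; it is not from the original article or any vendor document, and the VLAN numbers, interface name, RADIUS server address and shared-secret placeholder are assumed values.

```cisco
! Global 802.1X and RADIUS setup (server address and key are placeholders)
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key REPLACE_WITH_SHARED_SECRET
!
! VLAN 10: authenticated data, VLAN 20: voice
! VLAN 30: no-supplicant VLAN (printers, PXE clients), VLAN 40: auth-fail VLAN
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! One device in the data domain and one in the voice domain (PC behind a phone)
 authentication host-mode multi-domain
 ! Try 802.1X first; fall back to MAC Authentication Bypass (MAB) if no supplicant
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 ! No EAP response after the retries below: place the port in VLAN 30
 authentication event no-response action authorize vlan 30
 ! Supplicant present but credentials rejected: place the port in VLAN 40
 authentication event fail action authorize vlan 40
 ! MAB requires each phone's MAC address to be registered with the RADIUS server
 mab
 dot1x pae authenticator
 ! Shorten the wait before fallback so PXE and phone boot sequences do not time out
 dot1x timeout tx-period 5
 dot1x max-reauth-req 2
 spanning-tree portfast
!
! VLANs 30 and 40 should carry only what automation needs (DHCP, PXE/TFTP,
! phone provisioning). Restrict them with a VLAN ACL rather than leaving them
! open, because any unauthenticated device plugged into the port lands there.
```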

If you plan to roll out network access control, 802.1X is often a good choice for enforcing control. As more companies upgrade their switching and gain experience with 802.1X, we expect to see broader adoption. However, there's no guarantee that guests will have 802.1X supplicants installed, so alternative authentication measures, like a Web portal or a redirect that forces a user to authenticate to the switch, are useful.

THE INVITATION:
TacDoh is a worldwide purveyor of deep-fried delights sold through major retail outlets. Our corporate office contains sales support, marketing, R&D, and centralized IT. Three branch offices provide localized support for sales. Employee productivity is a critical TacDoh competitive advantage and is fueled by a well-connected network and application infrastructure. Our LAN has served TacDoh's data needs well, but it has grown over time with infrastructure sourced from multiple vendors. The need to make the most of network dollars mandates a complete network redesign. TacDoh is searching for a new strategy and design and is very interested in the flexibility, quality of service, availability, and security features in new enterprise switches.

Change and growth are key elements the new network will have to support. Maintaining site connectivity and application support are crucial; in addition, the winning RFI will support the increasing changes forced onto the TacDoh network. We upgraded our cabling to Cat-5E a few years ago and are unlikely to perform another upgrade for a few more years. Generally speaking, each desk has a single network port for a user's PC. We will run fiber between wiring closets and the data center if needed.

We have pilot projects which will be moved into deployment in the next six months. We want to prepare our LAN network in advance by: