Port-Based Authentication

Cisco CCNP Switch (300-115): The Complete Course Introduction to securing a Switch
6 minutes
Share the link to this page
You need to have access to the item to view this lesson.
One-time Fee
List Price:  $139.99
You save:  $40
List Price:  €128.51
You save:  €36.71
List Price:  £110.53
You save:  £31.58
List Price:  CA$190.63
You save:  CA$54.47
List Price:  A$208.90
You save:  A$59.69
List Price:  S$188.42
You save:  S$53.84
List Price:  HK$1,092.29
You save:  HK$312.10
CHF 91.18
List Price:  CHF 127.65
You save:  CHF 36.47
NOK kr1,073.95
List Price:  NOK kr1,503.58
You save:  NOK kr429.62
DKK kr686.39
List Price:  DKK kr960.97
You save:  DKK kr274.58
List Price:  NZ$228.20
You save:  NZ$65.20
List Price:  د.إ514.18
You save:  د.إ146.92
List Price:  ৳16,307.21
You save:  ৳4,659.53
List Price:  ₹11,661.24
You save:  ₹3,332.02
List Price:  RM656.20
You save:  RM187.50
List Price:  ₦205,785.30
You save:  ₦58,800
List Price:  ₨38,789.74
You save:  ₨11,083.57
List Price:  ฿5,038.70
You save:  ฿1,439.73
List Price:  ₺4,513.75
You save:  ₺1,289.73
List Price:  B$714.59
You save:  B$204.18
List Price:  R2,565.91
You save:  R733.17
List Price:  Лв251.83
You save:  Лв71.95
List Price:  ₩189,601.05
You save:  ₩54,175.60
List Price:  ₪516.98
You save:  ₪147.71
List Price:  ₱8,098.42
You save:  ₱2,313.99
List Price:  ¥21,792.94
You save:  ¥6,227
List Price:  MX$2,325.03
You save:  MX$664.34
List Price:  QR507.87
You save:  QR145.11
List Price:  P1,886.91
You save:  P539.15
List Price:  KSh18,172.80
You save:  KSh5,192.60
List Price:  E£6,553.98
You save:  E£1,872.69
List Price:  ብር7,998.81
You save:  ብር2,285.53
List Price:  Kz118,851.51
You save:  Kz33,960
List Price:  CLP$125,220.73
You save:  CLP$35,779.90
List Price:  CN¥1,011.17
You save:  CN¥288.92
List Price:  RD$8,157.46
You save:  RD$2,330.87
List Price:  DA18,848.39
You save:  DA5,385.64
List Price:  FJ$311.92
You save:  FJ$89.12
List Price:  Q1,081.96
You save:  Q309.15
List Price:  GY$29,135.07
You save:  GY$8,324.90
ISK kr13,781.37
List Price:  ISK kr19,294.47
You save:  ISK kr5,513.10
List Price:  DH1,386.51
You save:  DH396.17
List Price:  L2,464.07
You save:  L704.07
List Price:  ден7,916.55
You save:  ден2,262.03
List Price:  MOP$1,119.16
You save:  MOP$319.78
List Price:  N$2,547.77
You save:  N$727.98
List Price:  C$5,126.52
You save:  C$1,464.82
List Price:  रु18,565.58
You save:  रु5,304.83
List Price:  S/520.05
You save:  S/148.59
List Price:  K540.79
You save:  K154.52
List Price:  SAR524.96
You save:  SAR150
List Price:  ZK3,554.51
You save:  ZK1,015.64
List Price:  L640.62
You save:  L183.04
List Price:  Kč3,180.29
You save:  Kč908.72
List Price:  Ft49,813.32
You save:  Ft14,233.39
SEK kr1,071.59
List Price:  SEK kr1,500.27
You save:  SEK kr428.67
List Price:  ARS$123,415.66
You save:  ARS$35,264.13
List Price:  Bs962.21
You save:  Bs274.93
List Price:  COP$532,965.46
You save:  COP$152,286.72
List Price:  ₡71,270.84
You save:  ₡20,364.55
List Price:  L3,448
You save:  L985.21
List Price:  ₲1,043,416.42
You save:  ₲298,140.27
List Price:  $U5,431.06
You save:  $U1,551.84
List Price:  zł548.49
You save:  zł156.72
Already have an account? Log In


Welcome back, everyone. All right, so you're not doing switch port security, you want to go with port based authentication. You could, okay. A combination of triple A authentication and port security. How about this feature is based on the I triple E 8021 x. Now, this is not the simplest thing to do.

Okay. Ah for the certification is just learning the basics of a port based authentication is because I want you to imagine this before we even get into this. Okay? Imagine a huge network campus wide branches all over the place all over the states, counties, townships, whatever. And you want to secure your switches but you have hundreds and hundreds and hundreds of employees They're constantly traveling back and forth. All right, plugging in their machines, and it could be multiple machines, maybe they don't have the same laptop every day.

They don't get a silencer they get whatever laptop is available, like they who knows. So you can be going in there. And you could do Sticky, sticky. There's a limitation. Okay. Oh, how many?

I think it's 132 MAC addresses. So if you have 600 employees, they're all using maybe two or three different laptops constantly in different locations. That's an issue. So port based authentication, using 8021 X will take care of that. But if you're in a company, that huge, or an organization that's that big, you need to think that they're using Active Directory. So it's really a combination of both.

I only using a RADIUS server AAA authentication, alright, but also looking at The user accounts in Active Directory. So it's this combination of both. But again, I digress. This is something that you would see in the real world, as long as you understand the basic concept of what you're trying to do. The rest are just a matter of where do I go click. That's it.

Okay. But keep that in mind. Open Mind. All right. If the authentication is successful, then the user can access the port normally, and he has access to the network. So before you can even access the port, or the network, you need to get authenticated by the RADIUS server.

All right. So the way you do it, it's like you would do any triple A authentication, you first new triple A new model, we're going to use RADIUS server, then our RADIUS server is going to be 10 111. The key is gonna be big secret, that is your RADIUS server. That's why I put it there. That's not a command that says, you know, the, hey, this is the RADIUS server. Now you can put whatever you want.

Here. I just put a big secret, whatever. Okay. They can do eight Triple A authentication dot one x. I want to stop right here. The i o s that you have on your switch. Make sure, make sure this is why the licensing was a big issue and the new CCNA the Tony dash 145 the features and always make sure that Dhawan x is a feature within your switch that permits you to do this, okay?

Because you can do triple A, or stack x or radius, but will allow you to do dot one x. All right, keep that in mind. The new default group radius, that's normal. That was not normal. Isn't that one x. Okay, then that one x system authentication control.

You see it on global configuration so far right. Now you're going to the interface, which we're doing a range command through the several gigabit ports, I put one through 15 Switch Port Access VLAN 10. So we're assigning these ports to VLAN 10, switch, promote access that should be members, and then not want export control out all set. So let's get a visualization. So what happens is when these clients are plugging in, they're actually sending the requests or Hey, I want to use a network, it's going to first go like it would if using use normal radius or TAC x. All right?

It's going to go to the RADIUS server. Are you a user in the RADIUS server? Yes, I am. What is your password? This is my password. Okay, you're good to go.

You have been authenticated. Go on ahead and use it. That's what it is. That's all it is, is the same exact thing that you would when we did radius previously and other courses, but the big one is this dot one x right here. Okay. there we're using dot one x.

And again, remember I said the beginning. Keep in mind, keep in mind, huge enterprise organization. With hundreds and hundreds and hundreds and hundreds of employees, putting laptops all over the place. You are going to create manually all these users in the RADIUS server know, you want it to talk to Active Directory. So those can populate automatically. And then when they go, domain controllers are synchronized.

Hey, we learned about synchronization right with NTP and all that good stuff. They're synchronized so they know all the usernames and passwords of every user in every branch. So as these employees go from branch to branch or branch because they travel, they don't have an issue. So this is huge port based authentication is something that's realistic. Okay. There's your commands right there.

If you want take it a step further. So you can see in the real world, hey, how can I make this work together with Active Directory to make your life easy, but it goes beyond the scope of the CCNP switch. But, again, that's something you may want to look into. When you go to your interview. You'd be able to ask those questions. Okay, but the simple triple A authentication, that's all it is, all you're doing is just adding a dot one x.

That's it. All right, and put it in the ports or you're using period. And as usual Hey, can I use a network sure you're authenticated. Go ahead. If you're not gonna Qaeda, you're not going anywhere. That is port based authentication.

See in the next

Sign Up


Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.