SDA – User Authentication

When an end device sends data on to the network, the network needs to be able to tag said traffic with a VNID or SGT. How does the network know who the user is?

Methods for user discovery:

  • 802.1X – usually authenticated by Cisco ISE backed off to Active Directory.
  • MAB – MAC Authentication Bypass – used for devices where no username credentials exist. IP Phones for example. The authenticating server (usually ISE) will have a list of MAC addresses and if the connecting device is in the list, access is permitted.
  • Web Authentication – hosts are allowed limited access to the network in order to authenticate via a web browser. Good for situations where 802.1x supplicants are not supported natively but means users have to authenticate interactively whenever they connect.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.