802.1X Port-Based Network Access: Passwords for IP Addresses

Introduction: The Dead Wall Jack

In the old days, if a hacker walked into an office and plugged into a wall jack, they were instantly on the network. They got an IP address and could start scanning servers. Today, modern offices use the 802.1X Protocol (Network Access Control) to 'kill' the wall jack until the computer proves who it is.

Identity Before IP

With 802.1X, when you plug a computer in, it does not get an IP address. Instead, the switch demands an authentication certificate or a Username/Password. The switch sends these credentials to a central RADIUS server. Only if the password is correct will the switch 'unlock' the port and allow the DHCP server to hand out an IP address.

Conclusion

802.1X is the bouncer of the physical network. It ensures that an IP address is a privilege earned through authentication, not a right granted by proximity. Assess your NAC status here.