Chapter 11. Layer 2 Access Control

The demand for comprehensive network security has never been greater. Malicious users remain a threat: they steal, manipulate, and impede information, and they interrupt network services. Numerous solutions are available to defend the network perimeter, but the greatest threat of information theft and unauthorized access remains inside the internal network, at the access layer.

Organizations rely on networks to efficiently and securely manage who and what can access the network, and when, where, and how network access can occur. As threats of network service disruption by unauthorized access become more numerous, network reliability and security become more critical at each layer within the network.

The relative ease of physical and logical access to a network has been extended to enable a greater level of mobility, providing several benefits to business operations and overall productivity. However, this greater mobility also raises new security concerns and creates a growing demand for security solutions.

The Cisco security portfolio provides an ecosystem of Cisco Trust and Identity Management solutions, offering access control at the media access level (data link Layer 2) through the implementation of Cisco IBNS (Identity-Based Networking Services) and 802.1x technology.

Note

The data link layer is Layer 2 of the seven-layer OSI model. The data link layer (Layer 2) responds to service requests from the network layer (Layer 3) and issues service requests to the physical layer (Layer 1).


The Layer 2 access control solution provides secure network access and admission at any point in the network, and it isolates and controls unauthorized devices that are attempting to access the network. Layer 2 access control provides security via a user-based policy enforcement model at the port level, media access level, or logical connection.

This chapter outlines a framework and system based on technology standards that provide identity-based network access control, down to the user at the access port level at Layer 2.

Trust and Identity Management Solutions

The Cisco Trust and Identity Management Solutions offer the following essential security functions:

The Cisco Trust and Identity Management solution comprises three technologies:

Building on the three types of technologies of the Cisco Trust and Identity Management solution, this chapter primarily covers how the Cisco IBNS and 802.1x combined technologies provide an important addition to the tools available for securing the network.

Figure 11-1 summarizes the Cisco Trust and Identity Management Solutions.

Figure 11-1. Cisco Trust and Identity Management Solution Ecosystem

