
Identity-Based Networking Services (IBNS)

The Cisco Identity-Based Networking Services (IBNS) solution offers cost-effective user/device management, flexibility and mobility, and reduced operating costs associated with granting and managing access to secured network resources. Cisco IBNS provides an important addition to the tools available for securing the network.

Cisco IBNS is an integrated solution combining several Cisco products that offer authentication, access control, and user policies to secure network access and resources. The IBNS solution extends network access security based on 802.1x technology and the Extensible Authentication Protocol (EAP). The IBNS solution provides identity-based network access control and policy enforcement at the port level.

The Cisco IBNS technology solution secures physical and logical access inside the LAN. Cisco IBNS integrates all the capabilities defined in 802.1x technology and, combined with it, provides an integrated solution for identity-based network access control and policy enforcement at the port level. With IBNS, both users and machines can be identified through secure authentication technologies. The solution allows granular control, in which policies are associated dynamically with network devices based on the user or device identity.

Cisco IBNS offers scalable and flexible access control and policy enforcement services and capabilities at the network edge as follows:

These services and capabilities are available when a Cisco end-to-end system is implemented.

As mentioned earlier, Cisco IBNS integrates all the capabilities defined in 802.1x technology. Additionally, the Cisco IBNS solution offers specific services beyond the traditional 802.1x services. Examples include

Cisco IBNS solutions based on the 802.1x technology include the following components:

The solution works when IEEE 802.1x-compliant client software is configured on the end device, sending requests to the Cisco Catalyst switches running IEEE 802.1x features. The switch relays the authentication request from the user or device to the back-end Cisco Secure ACS security server. The basic communication between these devices is in compliance with the IEEE 802.1x standard.

Cisco Secure ACS

The Cisco Secure ACS server is a key component of the Cisco IBNS architecture.

As mentioned earlier, Cisco IBNS is primarily a security standard for port-based access control that combines IEEE 802.1x and EAP to extend AAA security inside the LAN.

Before IBNS solutions were available, network access control was possible only at the perimeter of the network. Similarly, prior to 802.1x technology, decentralized MAC-address-based controls existed, such as port security on the switches and MAC address filtering on the access points. However, these methods were configured statically on the devices themselves (they had to be changed and updated individually on each port or device). Cisco IBNS offers a centralized solution using the Cisco Secure ACS server, and its policies are updated dynamically.

With Cisco IBNS architecture, policy enforcement and control (such as per-user quotas, VLANs, ACLs, and identity-based session accounting and auditing) are possible within the internal LAN segment.

Several additional features are available through the Cisco Secure ACS as the 802.1x authentication server, such as

The Cisco Catalyst switches or wireless access points (APs) can be enabled as RADIUS clients, making them capable of querying a AAA server for these controls.
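The three-party exchange described above (supplicant to switch over 802.1x/EAPOL, switch to AAA server over RADIUS, and the server's accept or reject carrying the per-user VLAN policy) is modelled below as an added example; it is not code from the page, from Cisco, or from the ACS product. It assumes a constructed identity store, a constructed shared secret, and a single RADIUS round trip in place of the full EAP method challenge/response. The switch side shows the check a defender cares about: the Response Authenticator (RFC 2865) is recomputed over the reply with the shared secret, so a reply from a server with the wrong secret, a forged reply, or a reply with a mismatched Identifier leaves the port unauthorized.

```python
"""Model of the IBNS/802.1x exchange: supplicant identity relayed by the switch
(authenticator) to the AAA server (ACS) inside RADIUS, with per-user VLAN assignment.
Added example; not from the original page or from Cisco."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Optional

# RADIUS (RFC 2865/2868) codes and attribute types used in this model
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_EAP_MESSAGE = 1, 79
ATTR_TUNNEL_TYPE, ATTR_TUNNEL_MEDIUM, ATTR_TUNNEL_PRIVATE_GROUP = 64, 65, 81

# Constructed sample identity store standing in for the ACS internal/external database:
# identity -> VLAN the switch should place the port in after a successful authentication
USER_DB = {"alice": "20", "printer-01": "30"}


def encode_attrs(attrs):
    """Encode (type, value-bytes) pairs as RADIUS TLVs: Type(1) Length(1) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    """Parse RADIUS TLVs into (type, value-bytes) pairs; a bad length ends parsing."""
    attrs, i = [], 0
    while i + 2 <= len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            break
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attr_bytes):
    """RADIUS header Code(1) Identifier(1) Length(2) Authenticator(16) + attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attr_bytes)) + authenticator + attr_bytes


def response_authenticator(code, ident, request_auth, attr_bytes, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attr_bytes))
    return hashlib.md5(header + request_auth + attr_bytes + secret).digest()


def acs_handle(request, secret):
    """AAA server side: look the identity up and answer Access-Accept (with VLAN) or Access-Reject.
    The real EAP method challenge/response is collapsed into this single round trip."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    identity = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    if code == ACCESS_REQUEST and identity in USER_DB:
        reply_code = ACCESS_ACCEPT
        # Tagged tunnel attributes (RFC 2868): tag byte 0 + 3-byte integer; group ID sent untagged
        reply_attrs = [(ATTR_TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big")),   # 13 = VLAN
                       (ATTR_TUNNEL_MEDIUM, b"\x00" + (6).to_bytes(3, "big")),  # 6 = IEEE-802
                       (ATTR_TUNNEL_PRIVATE_GROUP, USER_DB[identity].encode())]
    else:
        reply_code, reply_attrs = ACCESS_REJECT, []
    attr_bytes = encode_attrs(reply_attrs)
    auth = response_authenticator(reply_code, ident, request_auth, attr_bytes, secret)
    return build_packet(reply_code, ident, auth, attr_bytes)


@dataclass
class PortState:
    authorized: bool = False
    vlan: Optional[str] = None


def authenticator_port_auth(identity, secret, server=acs_handle, server_secret=None):
    """Switch side: wrap the supplicant's EAP-Response/Identity in a RADIUS Access-Request,
    verify the reply against the shared secret, and open the port only on a valid Accept."""
    port = PortState()
    ident = 42                      # RADIUS Identifier; the reply must echo it
    request_auth = os.urandom(16)   # fresh Request Authenticator per request
    # EAP-Response/Identity as received over EAPOL: Code=2, Id=1, Length, Type=1, identity
    eap_identity = struct.pack("!BBH", 2, 1, 5 + len(identity)) + b"\x01" + identity.encode()
    attr_bytes = encode_attrs([(ATTR_USER_NAME, identity.encode()),
                               (ATTR_EAP_MESSAGE, eap_identity)])
    request = build_packet(ACCESS_REQUEST, ident, request_auth, attr_bytes)
    reply = server(request, secret if server_secret is None else server_secret)
    code, reply_ident, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, reply_ident, request_auth, reply[20:length], secret)
    if reply_ident != ident or not hmac.compare_digest(reply[4:20], expected):
        return port   # forged, replayed or wrong-secret reply: port stays unauthorized
    if code == ACCESS_ACCEPT:
        port.authorized = True
        for t, value in decode_attrs(reply[20:length]):
            if t == ATTR_TUNNEL_PRIVATE_GROUP:
                port.vlan = value.decode()
    return port


if __name__ == "__main__":
    for user in ("alice", "printer-01", "unknown-laptop"):
        print(user, authenticator_port_auth(user, b"constructed-shared-secret"))
```

Running the block authorizes `alice` into VLAN 20 and `printer-01` into VLAN 30, while an identity absent from the store gets an Access-Reject and the port stays closed. Passing `server_secret=b"wrong"` models a server (or an impostor answering on its behalf) that does not hold the switch's shared secret: the Response Authenticator check fails and the port is likewise left unauthorized, which is why the RADIUS client configuration on the Catalyst switch or AP and the shared secret on ACS must match.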

External Database Support

The Cisco Secure ACS RADIUS server supports an internal user database and external database sources such as Microsoft Active Directory, Novell NDS, and Lightweight Directory Access Protocol (LDAP). External database support provides the flexibility and scalability to integrate with the existing user database structure, thereby simplifying the overall deployment.
