Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other
authentication solution is used hand-in-hand with 802.1X to authenticate users for network access?
Cisco Identity-Based Network Services
The Cisco Identity-Based Network Services solution is a way to authenticate host access based on
policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of
VLANs on a per-user basis, guest VLANs, and 802.1X with port security.
The 802.1 X protocol is a standards-based protocol for authenticating network clients by permitting
or denying access to the network. The 802.1 X protocol operates between the end-user client
seeking access and an Ethernet switch or wireless access point (AP) providing the connection to
the network. In 802.1 X terminology, clients are called supplicants, and switches and APs are called
authenticates. A back-end RADIUS server such as a Cisco Access Control Server (ACS) provides
the user account database used to apply authentication and authorization.
With an IBNS solution, the host uses 802.IX and Extensible Authentication Protocol over LANs
(EAPoL) to send the credentials and initiate a session to the network. After the host and switch
establish LAN connectivity, username and password credentials are requested. The client host
then sends the credentials to the switch, which forwards them to the RADIUS ACS.
The RADIUS ACS performs a lookup on the username and password to determine the credentials’
validity. If the username and password are correct, an accept message is sent to the switch or AP
to allow access to the client host. If the username and password are incorrect, the server sends a
message to the switch or AP to block the host port. Figure 13-4 illustrates the communication flow
of two hosts using 802.1X and KAPoL with the switch, AP, and back-end RADIUS server.