Customer Needs Assessment

Evaluate the Existing Network Environment

However, if printers do not support 802.1X, note the location and the switch port used to connect the printers to the network. For these printers, you may be able to use MAC-Auth as the access control method.

Record the same information for fax machines, scanners, and any other endpoints. You can use Table 2-6 as an example.

Table 2-6. Recording Information about Other Endpoints

Type of

Network

Vendor

Location

Switch Connection

802.1X

MAC Address

Endpoint

Name

 

 

 

Support?

 

 

 

 

 

 

 

 

HPLaserJet

Mkt_printer

HP

Building 2,

Edge switch 2, port

No

00-11-42-65-64-CC

V printer

 

 

southwest side

A21

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RADIUS Servers

Most network access control solutions require a RADIUS server. Does your network already include such a server? If yes, what type of RADIUS server is deployed?

How are you using 802.1X: for wired access, wireless access, or both? As you

will learn in Chapter 3: “Designing Access Controls,” the answers to these questions affect the selection of an Extensible Authentication Protocol (EAP) method.

Does your network provide redundancy for RADIUS services?

Directory Service

Are you using a directory service? If yes, which one?

If you are using a RADIUS server, is it integrated with the directory service, or is the IT staff maintaining separate databases for the directory service and the RADIUS server? Does your directory service support RADIUS attributes? In other words, can you configure dynamic settings in the directory, or do you need ProCurve Identity Driven Manager (IDM) to create centralized policies?

2-31

Page 105
Image 105
HP Access Control Client Software manual Radius Servers, Directory Service, Recording Information about Other Endpoints