
Access Control Concepts
Network Access Control Technologies
5. If it authenticates the user, the PDP draws on additional policy information from the repository to authorize the user for particular resources. It then generates
6. The PEP configures its ports according to the instructions from the PDP. The user’s endpoint receives the appropriate level of access.
Authentication-Based Network Access Control Methods
This section describes the three most common methods for enforcing network access control at the edge. Built on the architecture described in the previous section, these methods make an endpoint’s level of network access depend on a PDP’s decisions. These decisions are, in turn, based primarily on the validity of credentials submitted by the user but perhaps on other policies as well.
The three methods are:
■ MAC authentication
■ Web authentication
■ 802.1X
802.1X is the most secure option. However, for reasons explained in the rest of this guide, another method might meet your requirements. You can also implement different methods in different areas of your network or begin by enforcing a less secure method and eventually migrate to 802.1X. Chapter 3: “Designing Access Controls” will give you more guidelines for your design.