Design Guide
LAN Baseline Architecture Overview—Branch Office Network
OL-11333-01
Multilayered Branch Architecture
For more information on how to enable these features on Cisco Catalyst 4500 Series Switches, refer to
the configuration guide at the following URL:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_installation_and_configuration_guides_list.html
For more information on how to enable these features on Cisco Catalyst 6500 Series Switches, refer to
the configuration guide at the following URL:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guides_list.html
IBNS and 802.1x
Security can be further enhanced by authenticating and authorizing users before letting them on the
network. Such a mechanism is inherent in wireless technologies. Authentication and authorization can
also be enforced on the wired LAN ports by using Cisco Identity-Based Networking Services (IBNS).
The Cisco IBNS solution is based on standard RADIUS and 802.1x implementations.
Note: For more information on the Cisco IBNS solution, see the following URLs:
http://wwwin-eng.cisco.com/Eng/TME/TSE/IBNS/IBNSFAQ2-ext.pdf and http://identity.cisco.com.
Cisco IBNS interoperates with all IETF authentication servers that comply with the RADIUS (RFC
2865, 2866, and 2868) and Extensible Authentication Protocol (RFC 2284) standards. Cisco has
enhanced its Cisco Secure ACS to provide a tight integration across all Cisco switches.
802.1x is a standardized framework defined by the IEEE, designed to provide port-based network access.
Using 802.1x, users are authenticated using information unique to the client and with credentials known
only to the client.
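As an illustration of the wired-port enforcement described above, the following sketch enables 802.1x against a RADIUS server on one access port, using classic Cisco IOS command syntax. It is an added example, not configuration from this design guide; the server address, shared secret, interface and VLAN are placeholders, and command names vary by platform and software release, so check the configuration guide for the switch in use.

```ios
! Added example (not from the design guide). All addresses, names and
! numbers below are placeholders chosen for illustration.
!
! 1. Enable AAA and send 802.1x authentication requests to RADIUS.
aaa new-model
aaa authentication dot1x default group radius
!
! 2. Define the RADIUS server (for example, Cisco Secure ACS).
!    192.0.2.10 is a documentation address; replace the key placeholder.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! 3. Turn on 802.1x globally. Without this, per-port settings have no effect.
dot1x system-auth-control
!
! 4. Enforce authentication on a user-facing access port.
interface FastEthernet2/1
 description User access port (placeholder)
 switchport
 switchport mode access
 switchport access vlan 10
 ! The port default is force-authorized, which admits any attached
 ! device without authentication. "auto" keeps the port unauthorized
 ! until the RADIUS server accepts the client's credentials.
 dot1x port-control auto
 spanning-tree portfast
!
! Verification from exec mode:
!   show dot1x all
```

A port left at its default port-control setting is not protected even when 802.1x is enabled globally, so an audit should check the per-interface setting on every user-facing port.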
Figure 8 provides the basic framework used to authenticate the end users.