Security Solutions
3-25
Designing Access Controls
Choose the Access Control Methods
Table 3-8. Access Control Method by Administrative Workload
Endpoints
What types of endpoints will connect to the network?
Not all endpoints support the three access control methods equally. Some
access control methods are more dependent on particular hardware or soft-
ware than others. With MAC-Auth, for example, the only required equipment
is a NIC. Web-Auth, on the other hand, requires a Web browser, and 802.1X
requires a supplicant.
Table 3-9 summarizes the requirements for all three access control methods.
Table 3-9. Endpoint Compatibility of Access Control Methods
The capabilities of your endpoints necessarily dictate your access control
method. Because all endpoints require a NIC to access the network, they
automatically support MAC-Auth.
Factor Private Wired Public Wired Private Wireless Public Wireless
Administrative
workload
Web-Auth Web-Auth Web-Auth Web-Auth
MAC-Auth Web-Auth 802.1X
Supported endpoints All endpoints Most endpoints with user
interfaces
Workstations and laptops
with current OSs, newer
APs, printers, fax machines,
and some PDAs
Requirements for support Only a standard NIC Web browser support OSs that include an 802.1X
supplicant:
• Windows Vista, XP (SP2),
2000 (SP3 or later)
• Mac OS X 10.3 or later
• Linux Red Hat 8.0 or 9.0
(WPA supplicant for
wireless access)
• SUSE Linux Enterprise 9
or 10 (WPA supplicant for
wireless access)
Third-party supplicants such
as:
• Juniper Networks
Odyssey client
• Xsupplicant for Linux