Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
It looks like Juniper is following through on its promise to support NAC in its new EX LAN switches.
In Network World tests, the switches demonstrated the ability to restrict access via 802.1x authentication, which is considered the most secure and scalable method of NAC authentication.
The test found that the switches can authenticate multiple or individual devices per port and place them in static or dynamically assigned virtual LANs (VLANs), or control them with dynamically applied access control lists.
In addition, the switches can authenticate based on media access control (MAC) addresses, which comes in handy for devices that don’t have 802.1x agents on them such as printers and IP phones.
Here’s exactly what Network World tester David Newman had to say:
“Considering Juniper's longtime advocacy of NAC, it's not surprising that the EX 4200 did well in our authentication tests. The switch passed all six scenarios, five of which used 802.1X. These tests examined authentication into a statically defined VLAN; authentication of multiple clients per port; authentication into a dynamically allocated VLAN; authentication with dynamically applied access control lists (ACL); and placement into a restricted VLAN upon authentication failure.
“In the ACL test the switch applied rules previously defined on the switch; this is far less cumbersome than the approach taken by some other switches, where ACLs must be entered into the RADIUS server then returned to supplicants during authentication.
“The switch also passed a sixth test involving authentication by a MAC address; this scenario represents the case where an end-station, such as a printer, lacks 802.1X supplicant software. One catch here was that the switch's CLI did not display clients currently authenticated by MAC addresses, as it did with 802.1X-authenticated clients. Juniper says it expects an August software release to remedy that.”
The full Network World review of the EX switches can be found here.
Tim Greene is senior editor at Network World.
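
The outcomes the test scenarios describe can be modeled as one port-authorization decision. The sketch below is an example added here, not Juniper's or Network World's code. It assumes the RADIUS server signals a dynamic VLAN with the RFC 3580 tunnel attributes and names a switch-defined ACL with Filter-Id; Port, authorize and show_sessions are hypothetical names, and failing closed on an unknown ACL name is this example's own choice.

```python
from dataclasses import dataclass, field

# RFC 3580 values a RADIUS server returns to assign a VLAN dynamically.
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_802 = 6

@dataclass
class Port:
    static_vlan: str                 # VLAN configured on the port itself
    restricted_vlan: str             # where clients land when authentication fails
    multiple_clients: bool = False   # allow more than one authenticated client
    local_acls: set = field(default_factory=set)   # ACL names defined on the switch
    sessions: dict = field(default_factory=dict)   # client MAC -> session

def authorize(port, mac, method, accepted, attrs=None):
    """Return the session the port installs for one client.

    method is "dot1x" or "mac" (fallback for devices with no supplicant);
    accepted is the RADIUS verdict; attrs are the Access-Accept attributes.
    """
    attrs = attrs or {}
    if not port.multiple_clients and port.sessions and mac not in port.sessions:
        return {"state": "blocked", "reason": "port already has a client"}
    if not accepted:
        session = {"state": "restricted", "vlan": port.restricted_vlan, "acl": None}
    else:
        vlan = port.static_vlan
        if (attrs.get("Tunnel-Type") == TUNNEL_TYPE_VLAN
                and attrs.get("Tunnel-Medium-Type") == TUNNEL_MEDIUM_802
                and attrs.get("Tunnel-Private-Group-ID")):
            vlan = attrs["Tunnel-Private-Group-ID"]
        acl = attrs.get("Filter-Id")
        if acl is not None and acl not in port.local_acls:
            # The server named an ACL the switch does not have: fail closed.
            session = {"state": "restricted", "vlan": port.restricted_vlan, "acl": None}
        else:
            session = {"state": "authorized", "vlan": vlan, "acl": acl}
    session["method"] = method
    port.sessions[mac] = session
    return session

def show_sessions(port):
    """List every session, MAC-authenticated clients included, for operator review."""
    return sorted((mac, s["method"], s["state"], s["vlan"])
                  for mac, s in port.sessions.items())
```

show_sessions reports MAC-authenticated clients alongside 802.1X ones because that is the visibility the reviewer found missing from the switch's CLI.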
Comments (2)
Slow news week
By Anonymous on July 22, 2008, 1:40 pm
What's the logic behind summarizing an old switch test and dressing it up as news? Has Juniper started "sponsoring" NWW to get favorable coverage the same...

Wow
By Anonymous on July 22, 2008, 9:14 am
Wow switches that can authenticate on MAC addresses! That's new!