Identity Based Network Access


Aidan McDonald - CIT
Brian O'Donoghue - Cisco Systems

How do I know who is connecting to my network? How do I give different access on my network based on the user?

Network port security has historically been based on MAC address security, and network security on ACLs. Wouldn't it be nice if it were user based? We deployed a security solution onto our network that allows us to have open ports, with these ports being dynamically configured when a device is attached. The security level a port is given is based on the "identity of the device": identity can be the user of the device, the type of device, or even the state of the device.

We will discuss how CIT has adopted a RADIUS-based identity-management platform, Cisco's Identity Services Engine, that can be used to gather rich user context from devices attaching to wired and wireless networks, whether these networks are Cisco or non-Cisco.

We will also explore how this rich context can be utilised to provide dynamic, differentiated, policy-based access to networks and dramatically reduce the amount of manual configuration updates needed within networks.
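The dynamic, identity-based port configuration the abstract describes, as an added example that is not the speakers' or Cisco's code: a toy policy engine that maps a constructed identity context (user group, device type, posture state) to an authorization profile and to the RFC 3580 RADIUS attributes a switch uses to place the port in a VLAN. The groups, VLAN ids and rule order are assumptions for illustration.

```python
"""Toy model of the authorization decision made after a device authenticates.
The identity context and the policy table are constructed for this example;
the response mimics the RADIUS attributes (RFC 3580) a NAS acts on."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IdentityContext:
    user_group: Optional[str]  # e.g. "staff", "student"; None = no user authenticated
    device_type: str           # e.g. "workstation", "ip-phone", "printer"
    posture: str               # "compliant", "non-compliant" or "unknown"


# Constructed policy table, evaluated top to bottom; the first match wins.
# Each rule: (predicate on the context, authorization profile name, VLAN id)
POLICY = [
    (lambda c: c.device_type == "ip-phone", "voice", 200),        # phones skip posture
    (lambda c: c.user_group is None, "guest", 100),               # unauthenticated -> guest VLAN
    (lambda c: c.posture != "compliant", "quarantine", 999),      # authenticated but not yet healthy
    (lambda c: c.user_group == "staff", "staff", 10),
    (lambda c: c.user_group == "student", "student", 20),
]
DEFAULT = ("deny", None)  # unknown identity: no access rather than a default VLAN


def authorize(ctx: IdentityContext):
    """Return (profile, vlan) for the first matching rule, or DEFAULT."""
    for predicate, profile, vlan in POLICY:
        if predicate(ctx):
            return profile, vlan
    return DEFAULT


def radius_response(ctx: IdentityContext) -> dict:
    """Build the Access-Accept or Access-Reject the RADIUS server would return.
    The three Tunnel-* attributes are the standard way to assign a port VLAN."""
    profile, vlan = authorize(ctx)
    if vlan is None:
        return {"code": "Access-Reject", "profile": profile}
    return {
        "code": "Access-Accept",
        "profile": profile,
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan),
    }


if __name__ == "__main__":
    for ctx in (IdentityContext("staff", "workstation", "compliant"),
                IdentityContext("staff", "workstation", "non-compliant"),
                IdentityContext(None, "printer", "unknown")):
        print(ctx, "->", radius_response(ctx))
```

Because the decision is recomputed on every session, changing a user's group or a device's posture state changes the port's VLAN without anyone touching the switch configuration.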