POLL: 802.1x deployment

Jimmy Hess mysidia at gmail.com
Wed Sep 26 00:32:23 UTC 2012


On 9/25/12, Carsten Bormann <cabo at tzi.org> wrote:
> Surely you are joking, Mr. Ashworth.
> The entirety of eduroam is on 802.1X (better known as WPA Enterprise).

ding ding ding.   WPA Ent  wireless authentication calls upon  802.1X.

And  802.1X wired port security is also a feature of many switches,
and provides stronger protection than MAC-address based port security
functionality;  and 802.1x option  may be used by at least some
organizations,  to  protect against unauthorized connections to secure
wired networks, and/or  to force guests / salespeople / vendors
plugging in their laptop,  to be placed in a  guest LAN;  instead of
gaining access to the company's secure internal network,  if they
sneak over to someone's desk, unplug the desktop, and plug in their
laptop to attempt some covert network scanning.....


Wired switch vendors don't add 802.1X to their switches for their
health, it would be less expensive to make a product without the
development effort to add the function;  someone wants the feature.

In this case,  the remaining burden of proof should be on whomever
wants to claim it's not widely deployed.

> http://en.wikipedia.org/wiki/Eduroam
> (but, aside from the US, it mostly lists just the countries).
> When you are done drilling down, there should be about 6500 names of sites
> on the list.

> eduroam deployment started in 2003.

Eduroam?   What standard is that?




> Grüße, Carsten
---
-JH



More information about the NANOG mailing list