Preventing unauthorized access to the data network is a critical job for a network administrator. This article discusses the benefits of using 802.1X access policies to secure LAN access on your Cisco Meraki MS Switches, and walks through the steps to configure your Windows 2008 NPS server, MS Switch, and your Windows and Mac clients.
Note: A trusted certificate must be installed on your NPS server in order for the switches to securely communicate with the server.
Administrators often overlook the importance of securing access to their switches. Implementing 802.1X in an Ethernet environment secures your LAN by providing authentication and access control. Authentication requires clients to provide credentials to gain access to your LAN. Access control gives you the ability to determine the level of access a user is given on the network. 802.1X also provides administrators with accounting information. Accounting gives administrators insight into who is connected to the LAN and when they were connected, which can be useful for network monitoring.
Ports in common areas make your corporate network vulnerable to access by guests and other unauthorized users. It's also possible for unauthorized users to gain physical access to switches, or gain access to a port in a non-public area. Utilizing 802.1X on your access layer switches lets you grant access to the corporate LAN to users who successfully authenticate. Unauthorized users can be blocked entirely or placed on a guest VLAN that provides Internet access only.
All switches that will use 802.1X Access Policies must be added as clients on the NPS server. Below are the steps to add the switches as RADIUS clients.