Wednesday, August 7, 2019

802.1X Phased Deployment Guidelines

802.1X can be implemented using a phased deployment model that allows for limited impact on network access while gradually introducing authentication and authorization.

It is generally recommended to begin the phased deployment with monitor mode in a well-defined area of the network.

Think of this phase as an audit phase. Your network administrators can gain visibility into who will succeed and who will fail, determine the failure reason, and remediate the problem before enabling a stronger enforcement mode.
Before moving from monitor mode to a stronger enforcement mode, you must decide whether low impact mode or closed mode is most appropriate.

The choice will depend on factors internal to your organization and your organization's security policy. It is possible that different modes may be appropriate in different areas of your network. For example, it may be optimal to use low impact mode at the headquarters campus and closed mode at branch offices.
After a successful phase of deployment, it is time to move to the next phase.

After a successful audit phase, you can move to the preferred enforcement mode for that area of the network.

You can also extend the identity solution to other areas of the network using monitor mode.
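
One way to judge whether the audit phase in an area has succeeded is sketched below. This is an added example, not part of the original post: it reads authentication records collected during monitor mode, keeps each endpoint's most recent attempt, and reports per switch which endpoints are still failing and why. The CSV layout, the switch names and the sample records are constructed assumptions, not the export format of any particular RADIUS server.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample records (not from a real network). Assumed columns:
# time, switch, port, endpoint MAC, method, result, failure reason.
SAMPLE_LOG = """\
2019-08-05T08:01:10,hq-sw1,Gi1/0/1,00:11:22:33:44:01,dot1x,PASS,
2019-08-05T08:02:44,hq-sw1,Gi1/0/2,00:11:22:33:44:02,dot1x,FAIL,certificate expired
2019-08-05T08:03:02,hq-sw1,Gi1/0/3,00:11:22:33:44:03,dot1x,FAIL,no supplicant response
2019-08-06T09:15:30,hq-sw1,Gi1/0/2,00:11:22:33:44:02,dot1x,PASS,
2019-08-05T08:05:00,br-sw1,Gi1/0/1,00:11:22:33:44:10,dot1x,PASS,
2019-08-05T08:06:00,br-sw1,Gi1/0/2,00:11:22:33:44:11,mab,PASS,
"""

FIELDS = ["time", "switch", "port", "mac", "method", "result", "reason"]


def latest_attempts(log_text):
    """Return {(switch, mac): record}, keeping each endpoint's newest attempt."""
    latest = {}
    for rec in csv.DictReader(StringIO(log_text), fieldnames=FIELDS):
        key = (rec["switch"], rec["mac"].lower())
        # ISO 8601 timestamps in one timezone sort correctly as strings.
        if key not in latest or rec["time"] > latest[key]["time"]:
            latest[key] = rec
    return latest


def audit_report(log_text):
    """Per switch: endpoints still failing, grouped by reason, plus readiness."""
    report = defaultdict(lambda: {"passing": 0, "failing": defaultdict(list)})
    for (switch, mac), rec in latest_attempts(log_text).items():
        if rec["result"].upper() == "PASS":
            report[switch]["passing"] += 1
        else:
            reason = rec["reason"] or "unknown"
            report[switch]["failing"][reason].append((rec["port"], mac))
    for area in report.values():
        # Ready only when no endpoint's most recent attempt was a failure.
        area["ready"] = not area["failing"]
    return report


if __name__ == "__main__":
    for switch, area in sorted(audit_report(SAMPLE_LOG).items()):
        print(switch, "ready" if area["ready"] else "not ready", area["passing"])
        for reason, endpoints in sorted(area["failing"].items()):
            print("   ", reason, endpoints)
```

An endpoint that failed earlier and has since been remediated no longer counts against its area, because only its latest attempt is considered.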
