Anyone ever implement 802.1x port based authentication on a large scale? We always have visitors at our main building and are looking for a way to eliminate their access. At a previous job MetaIP mac databases were implemented...only known mac address are given ip addresses. It worked like a charm, but managing 4000+ mac addresses wasnt fun.
For this solution I wouldnt go the mac address route...most likely AD username/passwords using PEAP and Radius. I'm just unsure how the credentials are actually passed through. Is access given everytime a user logs on? Does it use the current credentials when you initially login to the domain or are there other steps?
Any pitfalls associated with this type of authentication? I'm aware of the problem with a hub on one of the switchports. Failed authentication would cut everyone on that switchport correct? Any input is appreciated!
For this solution I wouldnt go the mac address route...most likely AD username/passwords using PEAP and Radius. I'm just unsure how the credentials are actually passed through. Is access given everytime a user logs on? Does it use the current credentials when you initially login to the domain or are there other steps?
Any pitfalls associated with this type of authentication? I'm aware of the problem with a hub on one of the switchports. Failed authentication would cut everyone on that switchport correct? Any input is appreciated!