Home > ieee 802.3ad > Can I use 802.1x and LACP to secure the networking infrastructure?

Can I use 802.1x and LACP to secure the networking infrastructure?

August 3Hits:12

Suppose you have a network like this:

                   +-------------------------+         +---------------------------+                    |                         |         |                           |                    |                         |         |                           | +--------+         |           core          |---------|           core            | | radius |---------|         switch #1       |---------|         switch #2         | | server |         |                         |         |                           | +--------+         |                         |         |                           |                    +-------------------------+         +---------------------------+                          |            |                      |               |                    +-----------+ +-----------+         +-------------+ +-----------+                    |  access   | |  access   |         |   access    | |  access   |                    | switch #1 | | switch #2 |         | switch #N-1 | | switch #N |                    +-----------+ +-----------+         +-------------+ +-----------+ 

I want to make sure that it is not possible to connect a device (pc or another switch) to the network that is not allowed. Therefore I am thinking about using 802.1x to authenticate the switches. My plan is to follow the best practices as explained in slides 79 and 80 of this presentation.

The problem raises when I need to connect the two core switches with multiple ethernet cables because 1Gbps is not enough but using a fiber is too expensive.

I am reading this document from HP where they say

To help maintain security, the switch does not allow 802.1X and LACP to both be enabled at the same time on the same port.

So I am wondering if this limitation is due to the HP products or by the design of the protocols.

My main doubt is that an attacker unplugs one of the ethernet cables between the core switches and attaches another switch, which can intercept the traffic since the switch is not using 802.1x on the trunk ports.

It it possile to use 802.1x with trunk ports?

Related Articles

  • Can I use 802.1x and LACP to secure the networking infrastructure?August 3

    Suppose you have a network like this: +-------------------------+ +---------------------------+ | | | | | | | | +--------+ | core |---------| core | | radius |---------| switch #1 |---------| switch #2 | | server | | | | | +--------+ | | | | +-------

  • Do 802.11b devices slow down other, newer networks on or near the same channel?February 13

    I believe it is well-known and accepted that 802.11b devices connected to networks using newer protocols will slow down the newer devices on that network. The workaround, of course, is to disable 802.11b support so nobody with an 802.11b device will

  • How would I create multiple VLAN interfaces on a 802.1Q and LACP trunked network connection on Solaris?February 16

    I've got a Solaris (Nexenta) NAS box that I'm trying to create multiple VLAN subinterfaces for. Currently, I've got an LACP aggregated link set up on the network to my switch (Cisco 3750). The switch port-channel interface is in access

  • How to setup a lacp bond for multiple network connections in XenServerMay 27

    We're currently looking to use XenServer with Essentials for XenServer Enterprise together with a iSCSI SAN. What we're looking to do is to bond 4 gigabit ethernet connections to provide a large link to the iSCSI dedicated network. From reading aroun

  • 802.1x or mac port security on SAN switchesNovember 23

    I'm going through DISA security hardening on our network devices. Our iSCSI SAN network uses 2 Cisco 2960G layer 2 switches. The SAN consists of 2 HP P4000 devices. Servers are 3 Dell R710s in a Hyper-V cluster. DISA has a rule about enabling port se

  • Requiring 802.1x login before allowing access to network resourcesNovember 26

    I have a ZyXel GS2200-24 managed switch, and a free-radius server running on Ubuntu 11.10. Radius is configured and when I log into the switch the authentication goes through Radius. Now, I'm trying to ensure that access to web resources (as an examp

  • How well does 802.11k actually perform on large-scale networks?March 31

    As a student employee I've done some research on 802.11k and I understand that it's intended to help with devices roaming and also helping the client decide on the best (B)SSID to join. In practice for large-scale networks it would be beneficial, esp

  • Broadcom 802.11n won't connect to home networkJanuary 7

    This has been very frustrating. I have updated firmware on my old router. I updated bios. Uninstalled wireless card and rebooted. Updated wireless driver. Bought a new router. I get ip address and default gateway. It says connected but limited. I can

  • Network bonding mode 802.3ad on Ubuntu 12.04 and a Cisco SwitchFebruary 11

    I am trying to team 3 network cards together on 2 servers. I am trying to achieve a maximum throughput of 3Gbps to replicate data between the servers. The setup is simple, I have 2 servers with 3 Gigabit network card connected on the same Cisco switc

  • Bonding not working properly (CentOS 5.4, Intel 10G, 802.3ad)February 25

    We've configured network bonding using a Intel Network Adapter X540 with two ports. Both ports are connected to a Brocade switch with a configured LACP trunk. Everthing seems to work fine; but when we physical disconnect both ports, the status of the

  • Linux Centos6 adapter bonding - Cisco 2960S EtherChannel LACPJune 21

    I want to connect a CentOS 6.4 Linux Box with two NICs to a Cisco 2960S using LACP 802.3ad port aggregation. This mainly for redundancy reasons (and hopefully more bandwith). We don't use VLAN tagging. With the config listed below the link aggregatio

  • LACP with 2 NICs working when either one is down, not when both are upSeptember 26

    I'm running into problems with getting a LACP trunk to operate properly on Ubuntu 12.04.2 LTS. My setup is a single host connected with two 10 Gbe interfaces to two seperate Nexus 5548 switches, with vPC configured to enabled multi-chassis LACP. Nexu

  • OEL 6.5 bonding mode=802.3ad no connectionNovember 14

    OEL 6.5 bonding mode=802.3ad no connection I configured 2nic into bond on OEL 6.5. to cisco switch (lacp) ---------- | eth0 |=====+ +~~physical-link~~\ ---------- || --------- | ---------- |===| bond0 |==> | switch | ---------- || --------- | -------

  • Linux interface RX Packet Dropped with LACP and not doing loadbalacingDecember 23

    OS: CentOS 6.6 / 64bit / Kernel 2.6.32-504.30.3.el6.x86_64 I have bond0 interface with following configuration. Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009) Bonding Mode: IEEE 802.3ad Dynamic link aggregation Transmit Hash Policy: lay

  • Unable to get 802.3ad working on Ubuntu 14.04.3January 8

    I have an Ubuntu server as my gateway to the internet, with 2 82574LM Eth cards on the LAN side. I wish to aggregate both. My Eth switch supports 802.3ad, and is configured in dynamic mode, which I have enabled only on the ports that these Eth ports

  • What are the advantages of wireless networking protocols 802.11 a,b,g, and n?September 24

    I'm looking at a laptop purchase and considering whether to pay more for a card that does 802.11 n as well as 802.11a,b,g. All the pulic networks I see always run 802.11b. I know a and g have more throughput but I seldom maximize the throughput of b.

  • Does a 300mbps 802.11n wireless connection have any noticeable speed improvement over 54mbps g?April 21

    300mbps sounds wonderful, but not with my horrible Comcast internet connection. I doubt there's an internet connection in America that even hits 54mbps. So I'm guessing that the only reason someone would be inclined to upgrade is for faster data tran

  • 802.1X: What EXACTLY is it regarding WPA and EAP?January 1

    I understand 802.1X to be some sort of port authentication control. However, when I was checking out the encryption settings for my wireless I found 802.1X in a drop down along with WPA2, WPA and WEP, but I don't see how it can be an alternative for

  • Is it possible to have 802.1Q trunk port on Windows Server 2008?May 3

    I would like to have multiple vlans on Windows Server 2008 machine. Is there any way how to configure trunk port on Broadcom NetXtreme adapter on this OS ? Thank you. --------------Solutions------------- Based on the product brief for the NetXtreme c

  • MAB and 802.1x Issue - MAB-authenticated device gets droppedApril 11

    I'm trying to use 802.1x to authenticate clients on my network with dynamic VLAN assignment from RADIUS. We have IP-Phones(powered by PoE) that only supports EAP-MD5, and we would rather use MAB(it also uses LLDP-MED for some settings) to authenticat

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.389 s.