Switching into overtime

By Joel Snyder
Network World, 04/04/05

If you've got 5 more minutes, you can also turn on wired 802.1X on LAN switches from all major vendors. In a wired environment, 802.1X doesn't give you encryption, but it does give strong authentication. With 802.1X in a wired world, the switch is configured much like an access point. It needs to know where the RADIUS server is and a shared secret, and that's about it. Do it right and champagne falls from the heavens, doors open and velvet ropes will part. Plus you get a more secure wired LAN.

We started with an HP 2524 switch already configured into our network. With our HP switch, enabling 802.1X took five commands, because we wanted the simple case. Many wired switch vendors have a variety of scenarios for different virtual LANs, depending on whether a port is unauthenticated, successfully authenticated or fails authentication. We resisted this complication and got 802.1X up very quickly.
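For reference, a minimal port-based 802.1X setup in HP ProCurve CLI syntax looks like the following. This is an added example, not the exact five commands used in the test; the RADIUS server address, shared secret and port range are placeholders, and the `;` lines are annotations.

```text
; Entered from the switch's global configuration context.

; Where the RADIUS server is, and the shared secret. The key must match
; the secret configured for this switch on the RADIUS server.
radius-server host 192.0.2.10 key EXAMPLE-SHARED-SECRET

; Relay EAP from the supplicant to RADIUS for port-access authentication.
aaa authentication port-access eap-radius

; Make the user-facing ports 802.1X authenticators. Leave uplinks and the
; port leading to the RADIUS server out of this range.
aaa port-access authenticator 1-24

; Nothing is enforced until 802.1X is activated globally.
aaa port-access authenticator active

; Check per-port authenticator state after a client connects.
show port-access authenticator
```

The per-port VLAN scenarios mentioned above are deliberately left out; this is the simple case where a port either authenticates or stays closed.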

On the Windows laptop, we again used Microsoft's built-in 802.1X supplicant. This time, we didn't have the option of using the add-on client provided by Dell because the Dell client only worked with wireless cards. Microsoft's client can handle either case using the exact same interface.

In the world of Macintosh, 802.1X on a wired LAN requires one additional step. We launched a program called Internet Connect that is used to define 802.1X connections and Point-to-Point Tunneling Protocol, IPSec and Layer 2 Tunneling Protocol VPNs. With Internet Connect, we defined an 802.1X connection, selecting the Ethernet port and giving our username and password. Once that was in place, all we had to do was click "Connect" to successfully authenticate to the HP switch.