From: Scott Morris (swm@emanon.com)
Date: Tue May 09 2006 - 11:03:10 ART
Because per the 802.1X specification (IEEE stuff), the authentication method
listed is RADIUS only. That was part of their method of vendor neutrality
and added security features. There are other methods supported (like
Certificates and such) but nothing about local-based authentication or
TACACS (not an industry standard).
So while vendors MAY end up with other methods to authenticate, it's not
part of the spec at all. And no large customer has pushed Cisco enough to
build in support anyway, at least at this point in time. With RADIUS, the
password isn't sent in clear text, but yes everything else is.
From a security perspective, perhaps the more reasonable assumption is that
the back-end/core of your network is not as easily accessible or compromised
to have that information intercepted anyway. :)
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
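The password hiding that the reply above refers to is the User-Password mechanism of RFC 2865 section 5.2: the password is padded to 16-byte blocks and each block is XORed with MD5(shared secret + previous block), the first "previous block" being the 16-byte Request Authenticator from the packet header. The code below is an added illustration, not code from this thread or from any vendor; the shared secret, Request Authenticator, user name and password in it are constructed sample values. It builds a minimal Access-Request and shows that the User-Name attribute stays readable in the packet bytes while the User-Password attribute does not.

```python
"""RFC 2865 section 5.2 User-Password hiding (added example, not from the thread).

All secrets and credentials used here are constructed sample values.
"""
import hashlib
import struct

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Obfuscate a password as RFC 2865 5.2 describes.

    The password is NUL-padded to a multiple of 16 bytes; block i is XORed with
    MD5(secret + previous hidden block), the Request Authenticator seeding the chain.
    Note this is keyed obfuscation with MD5, not encryption in the modern sense:
    anyone holding the shared secret and the packet can reverse it.
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        cipher = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += cipher
        prev = cipher
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password. The NUL padding is stripped; the wire format
    does not carry the original length, so trailing NULs in a password are lost."""
    if not hidden or len(hidden) % 16 != 0:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return bytes(out).rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length (including the 2-byte header), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_authenticator: bytes) -> bytes:
    """Minimal Access-Request: 20-byte header followed by User-Name and User-Password."""
    attrs = attribute(ATTR_USER_NAME, username)
    attrs += attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_authenticator))
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Return {type: value} for the attributes that follow the 20-byte header."""
    attrs = {}
    pos = 20
    while pos < len(packet):
        attr_type, length = struct.unpack("!BB", packet[pos:pos + 2])
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs


if __name__ == "__main__":
    # Constructed sample values; a real client draws the Request Authenticator at random.
    secret = b"s3cret-shared-key"
    req_auth = bytes(range(16))
    pkt = build_access_request(7, b"thomas", b"rader-pass", secret, req_auth)
    print("User-Name visible in packet:", b"thomas" in pkt)          # True
    print("password visible in packet:", b"rader-pass" in pkt)       # False
    print("recovered with the secret:",
          reveal_password(parse_attributes(pkt)[ATTR_USER_PASSWORD], secret, req_auth))
```

The packet bytes make the point of the reply concrete: the user name and every other attribute are plaintext on the wire, and the password is recoverable by anyone who has both the packet and the shared secret, which is why the strength of that secret and the reachability of the NAS-to-server path matter. In an 802.1X deployment the EAP exchange is carried in EAP-Message attributes rather than User-Password, so what is actually protected there depends on the EAP method in use.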
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
thomas.rader@freesurf.ch
Sent: Tuesday, May 09, 2006 9:15 AM
To: ccielab@groupstudy.com
Subject: 802.1x authentication
Hello,
Radius is used in all of the Cisco sample configurations for 802.1x
authentication I've seen.
For example:
http://www.ciscopress.com/articles/article.asp?p=29600&seqNum=3&rl=1
I can't understand why TACACS isn't used instead of Radius (given the fact
that Radius information is sent in clear text).
Could anyone offer any reasons?
Thanks, Thomas
This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART