Portnox Cloud NAC 802.1x Foundation Deployment
Portnox Wired 802.1x Solution – Cloud Delivered NAC
Wired 802.1X is an increasingly required security control in modern networks. Wired 802.1X puts a digital lock on the front door of our networks. Guests, employees or attackers need to be prevented from plugging in unauthorized computers and other devices into the network. Any unauthorized device can be a source of malicious software or traffic on the network leading to a serious security incident.
The Need for Port Security
802.1X was first released as a standard by IEEE in 2001. It was expected that it would have quick adoption as it solved an obvious security hole: Anyone with access to a building with an Ethernet switch could often get full access to the network. Twenty years have passed and many organizations have still not implemented this foundational security control. The reason is because though the problem is obvious, the solution is multi-faceted and complex.
Complex Deployments Led to Mistrust
The deployment of 802.1X requires changes in the computer operating system, the switches in the network, and in Authentication, Authorization, and Accounting (AAA) systems. Computer operating systems must be configured with 802.1X settings and often have certificates installed for authentication. Different operating systems (Windows, Mac, Linux) implement 802.1X in different ways and with different behaviors.
In switches, 802.1X, RADIUS, and configurations for different failure scenarios must be configured. Vendors often take their own spin on 802.1X, both at the switch level and in the operating system, adding complexity. This technical complexity made early deployments of 802.1X fraught with outages. The risk of outage created distrust with 802.1X.
Both the products and engineers now have the decades of experience needed to make 802.1X deployments both successful in
modern networks and less impactful to users. Vendors of computer operating systems, switches, and AAA systems have matured their solutions. Engineers now implement phased 802.1X deployments that minimize impact on users.
Our Process
Pricing, Options and Deliverables
Seasoned Experts
Crossconnect is well versed and highly experienced in deploying Wired and Wireless 802.1X with many AAA services including Portnox’s Cloud NAC service. Crossconnect is highly experienced with its design, deployment, and maintenance and is ready to assist with any Portnox Cloud NAC or 802.1X project.
Start the Journey
The Crossconnect 802.1X Foundation Deployment is ideal for organizations to start adopting wired 802.1X security
and to be ready to expand network security controls in the future.
Service Deliverables:
The focus of the Foundational Deployment service is to adopt Wired 802.1X on a wired network with industry best practices for one site and five user switches. 802.1x is best adopted in a ‘slow and steady’ fashion, and starting with a small set of devices is recommended.
Portnox Cloud NAC differs in some ways from on-premises 802.1X/AAA solutions. Portnox does not require on-premises servers for many situations and only small Tiny Core Linux servers for others. However, its feature set is smaller than an on-premises AAA solution like Cisco ISE or Aruba Clearpass.
One Site, Five User Switches up to 48 Ports Each (Recommended adoption size, but expandable options below)
Portnox Cloud NAC Instance Setup
Installation of one Portnox Failover Server
Multi-phased installation (open mode, low-impact mode) to ensure minimal user impact
EAP-TLS Certificate Authentication
Computer Authentication – Assures only organizationally-owned devices are
allowed on the network
Pricing
$23,100
/one-time
charge
Additional Portnox On-Prem Failover Server
$1,000
Additional five 48 Port User Switches
$8,000
Create MS Certificate Authority Server (if needed)
$3,300
Wireless – one SSID w/EAP-TLS Authentication
$9,240
Initial configuration of TACACS and 5x Switches
$3,960
Configure 5x additional switches for TACACS
$1,320
Wired Guest Portals
Consult Sales
EAP-TEAP (User Authentication)
Consult Sales
Downloadable ACLs (East/West segmentation)
Consult Sales