Chapter 8.  Step 4. Select Between 802.1X and DHCP

If IT decides to enforce NAP restrictions at the network layer, the organization must choose between two methods: 802.1X and DHCP. Both methods are viable, and each has pros and cons that must be carefully considered. The 802.1X standard can be more complex and expensive, but DHCP provides less security. To use 802.1X as the enforcement method, the switches and wireless access points must support the 802.1X authentication protocol, which means that the devices support Extensible Authentication Protocol (EAP) authentication pass-through to RADIUS, 802.1X authentication, traffic segmentation, and/or dynamic VLAN switching over RADIUS. Many vendors now offer hardware with these capabilities, but ...

Get Selecting the Right NAP Architecture now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.