Identity-Based Networking Services Overview

Identity-Based Networking Services provides a policy and identity-based framework in which edge devices can deliver flexible and scalable services to subscribers. This module provides information about what Identity-Based Networking Services is and its features and benefits.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Identity-Based Networking Services

Understanding Identity-Based Networking Services

Identity-Based Networking Services provides an identity-based approach to access management and subscriber management. It offers a consistent way to configure features across technologies, a command interface that allows easy deployment and customization of features, and a robust policy control engine with the ability to apply policies defined locally or received from an external server to enforce policy in the network.

The figure below illustrates a typical deployment of Identity-Based Networking Services in a physically distributed enterprise with a campus, branch offices, and remote workers.

Figure 1. Sample Deployment

Features in Identity-Based Networking Services

Identity-Based Networking Services includes the following features:

  • Cisco common classification policy language (C3PL)-based identity configuration

  • Concurrent authentication methods on a single session, including IEEE 802.1x (dot1x), MAC authentication bypass (MAB), and web authentication

  • Downloadable identity service templates

  • Extended RADIUS change of authorization (CoA) support for querying, reauthenticating, and terminating a session, port shutdown and port bounce, and activating and deactivating an identity service template.

  • Local authentication using Lightweight Directory Access Protocol (LDAP)

  • Locally defined identity control policies

  • Locally defined identity service templates

  • Per-user inactivity handling across methods

Benefits of Identity-Based Networking Services

Identity-based solutions are essential for delivering access control for disparate groups such as employees, contractors, and partners while maintaining low operating expenses. Identity-Based Networking Services provides a consistent approach to operational management through a policy and identity-based infrastructure leading to faster deployment of new features and easier management of switches.

Identity-Based Networking Services provides the following benefits:

  • An identity-based framework for session management.

  • A robust policy control engine to apply policies defined locally or received from an external AAA server.

  • Faster deployment and customization of features across access technologies.

  • A simpler and consistent way to configure features across access methods, platforms, and application domains.

IP Device Tracking

IP device tracking can be configured using the Switch Integrated Security Features (SISF) policy. Use the tracking enable command in device tracking configuration mode, to configure device tracking using SISF poilcy. Use the show device-tracking command to display the device tracking configuration.

The following is the sample configuration for device tracking.

Device(config)# device-tracking policy sisf_policy
Device(config-device-tracking)# tracking enable
Device(config-device-tracking)# exit
Device(config)# interface GigabitEthernet 3/0/1
Device(config-if)# switchport mode access
Device(config-if)# device-tracking attach-policy sisf_policy
Device(config-if)# end

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

Identity-Based Networking Services commands

Cisco IOS Identity-Based Networking Services Command Reference

Address Resolution Protocol (ARP) commands

Cisco IOS IP Addressing Services Command Reference

ARP configuration tasks

IP Addressing - ARP Configuration Guide

Authentication, authorization, and accounting (AAA) configuration tasks

Authentication Authorization and Accounting Configuration Guide

AAA commands

Cisco IOS Security Command Reference

Standards and RFCs

Standard/RFC

Title

RFC 5176

Dynamic Authorization Extensions to RADIUS

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

Feature Information for Identity-Based Networking Services Overview

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Table 1 Feature Information for Identity-Based Networking Services Overview

Feature Name

Releases

Feature Information

Web Authentication Support of Common Session ID

Cisco IOS Release 15.2(1)SY

Allows a single session identifier to be used for all web authentication sessions in addition to 802.1X and MAB authenticated sessions.

In Cisco IOS Release 15.2(1)SY, this feature is supported on Cisco Catalyst 6500 Series Switches