Guest

Identity Based Networking Services

Boost Security and Efficiency, Cut Costs

Cisco Identity-Based Networking Services (IBNS) is an integrated solution that offers authentication, access control, and user policy enforcement to help secure network connectivity and resources. It helps you improve operational efficiency and cut costs by adopting today’s innovative network trends, such as mobility, cloud, and bring-your-own-device (BYOD) access. Boost network efficiency, while helping to ensure security and compliance. Cisco IBNS is the core component of the Cisco TrustSec solution, delivering network-based identity security. To meet customer needs for greater flexibility and scalability in endpoint visibility and access control, Cisco now offers IBNS 2.0.

Featured Content

Enforce Access Security Policies

Enforce Access Security Policies

Simplify access over wired and wireless networks with IBNS 2.0. (3:23 min)

Learn More
Redefining Identity Networking

Redefining Identity Networking

Follow the evolution of Cisco Identity-Based Networking Services (IBNS) 2.0.

View Infographic

IBNS 2.0 offers a flexible and extensible identity framework. It allows for any authentication method, with any authorization option, on any media: wired or wireless. It is also serves as the fundamental component of the Cisco Unified Access network and Cisco TrustSec security architectures. The new Common Classification Policy Language (C3PL)-based configuration offers a new way to define and manage enterprise network admission control.

View At-a-Glance
View Deployment Guide

Building Blocks

Phased Deployment Model

Phased Deployment Model

Cisco's deployment approach gradually introduces identity-based access control. (7:20 min)

Flexible Authentication

Flexible Authentication

Cisco IBNS supports a wide range of configurable authentication options.

View Infographic

Cisco IBNS supports a wide range of authentication options in which order and priority are configurable for additional flexibility. These include:

  • 802.1X for managed devices and users
  • Web authentication for guests or non-802.1X users
  • MAC authentication bypass (MAB) for unmanaged or non-802.1X devices

Flexible Deployment Modes

Cisco supports three modes for a phased 802.1X deployment: monitor, low impact, and high security. In particular, 802.1X can be deployed in the monitor mode without enforcement. That way, your business can monitor network authentications, evaluate risks, and prepare the network for access control in later phases.

Service and Interface Templates

IBNS 2.0 takes advantage of user-definable and reusable templates for interfaces and network access sessions. While interface templates can be used to simplify configuration management, the service templates can contain authorization parameters like the VLANs, IPv4 and IPv6, access control lists, and much more. These templates may be defined locally on the network authenticators (switch or wireless controllers) or can be authorized by a centralized policy.

Identity Control Policy

Configurable through the Cisco C3PL, the Identity Control Policy offers a flexible and extensible policy definition. The Identity Control Policy simplifies access management.

Device Sensor and AutoConf

These features offer detection and classification of connecting endpoints at the network access. The new AutoConf solution uses Auto Smart Port Macros for dynamic device-ID-based authorization. With its policy-based IBNS infrastructure and the interface templates, this new framework provides a simplified solution for automatic interface configurations at the enterprise edge.

Feature Availability at a Glance

Platform Cisco IBNS (Classic) IBNS 2.0 (New-Style) Per MAC VLANs AutoConf & Interface Templates
Catalyst 2960-S, 2960-SF, 2960-C, 2960-Plus and 3560-C 12.2SE 15.2(1)E No 15.2(2)E
Catalyst 3560-X and 3750-X 12.2SE 15.2(1)E No 15.2(2)E
Catalyst 3650 and 3850 3.3.0SE 3.3.0SE 3.3.0SE 3.4.0E
Catalyst 4948E, 4948E-F, 4500/4500E Sup6E/Sup6-LE 12.2SG 15.2(1)E No 15.2(2)E
Catalyst 4500X, 4500E Sup7E/Sup7-LE 12.2SG 3.3.0SE No 3.4.0SE
Catalyst 6500/E Sup720/Sup2T, Catalyst 4500E Sup8E 12.2SX No No No

Let Us Help