Boost Security and Efficiency, Cut Costs
Cisco Identity-Based Networking Services (IBNS) is an integrated solution that offers authentication, access control, and user policy enforcement to help secure network connectivity and resources. It helps you improve operational efficiency and cut costs by adopting today’s innovative network trends, such as mobility, cloud, and bring-your-own-device (BYOD) access. Boost network efficiency, while helping to ensure security and compliance. Cisco IBNS is the core component of the Cisco TrustSec solution, delivering network-based identity security. To meet customer needs for greater flexibility and scalability in endpoint visibility and access control, Cisco now offers IBNS 2.0.
Enforce Access Security Policies
Simplify access over wired and wireless networks with IBNS 2.0. (3:23 min)Learn More
Redefining Identity Networking
Follow the evolution of Cisco Identity-Based Networking Services (IBNS) 2.0.View Infographic
IBNS 2.0 offers a flexible and extensible identity framework. It allows for any authentication method, with any authorization option, on any media: wired or wireless. It is also serves as the fundamental component of the Cisco Unified Access network and Cisco TrustSec security architectures. The new Common Classification Policy Language (C3PL)-based configuration offers a new way to define and manage enterprise network admission control.
Cisco's deployment approach gradually introduces identity-based access control. (7:20 min)
Cisco IBNS supports a wide range of configurable authentication options.View Infographic
Cisco IBNS supports a wide range of authentication options in which order and priority are configurable for additional flexibility. These include:
- 802.1X for managed devices and users
- Web authentication for guests or non-802.1X users
- MAC authentication bypass (MAB) for unmanaged or non-802.1X devices
Flexible Deployment Modes
Cisco supports three modes for a phased 802.1X deployment: monitor, low impact, and high security. In particular, 802.1X can be deployed in the monitor mode without enforcement. That way, your business can monitor network authentications, evaluate risks, and prepare the network for access control in later phases.
Service and Interface Templates
IBNS 2.0 takes advantage of user-definable and reusable templates for interfaces and network access sessions. While interface templates can be used to simplify configuration management, the service templates can contain authorization parameters like the VLANs, IPv4 and IPv6, access control lists, and much more. These templates may be defined locally on the network authenticators (switch or wireless controllers) or can be authorized by a centralized policy.
Identity Control Policy
Configurable through the Cisco C3PL, the Identity Control Policy offers a flexible and extensible policy definition. The Identity Control Policy simplifies access management.
Device Sensor and AutoConf
These features offer detection and classification of connecting endpoints at the network access. The new AutoConf solution uses Auto Smart Port Macros for dynamic device-ID-based authorization. With its policy-based IBNS infrastructure and the interface templates, this new framework provides a simplified solution for automatic interface configurations at the enterprise edge.
Feature Availability at a Glance
|Platform||Cisco IBNS (Classic)||IBNS 2.0 (New-Style)||Per MAC VLANs||AutoConf & Interface Templates|
|Catalyst 2960-S, 2960-SF, 2960-C, 2960-Plus and 3560-C||12.2SE||15.2(1)E||No||15.2(2)E|
|Catalyst 3560-X and 3750-X||12.2SE||15.2(1)E||No||15.2(2)E|
|Catalyst 3650 and 3850||3.3.0SE||3.3.0SE||3.3.0SE||3.4.0E|
|Catalyst 4948E, 4948E-F, 4500/4500E Sup6E/Sup6-LE||12.2SG||15.2(1)E||No||15.2(2)E|
|Catalyst 4500X, 4500E Sup7E/Sup7-LE||12.2SG||3.3.0SE||No||3.4.0SE|
|Catalyst 6500/E Sup720/Sup2T, Catalyst 4500E Sup8E||12.2SX||No||No||No|