AppNeta launches 802.1X authentication across Monitoring Points

by Paul Davenport on September 26, 2019

Lately, we’ve been on a roll with delivering platform updates that help successfully position our enterprise customers for a future where their WAN footprint will be more expansive and decentralized than ever before. From a slew of forward-looking DNS enhancements to completing our SOC 2 Type 2 certification, we’ve been proactive in adding features that give AppNeta customers a similarly proactive posture in addressing issues before they impact end users.

The latest such enhancement is 802.1X security authentication. This is an IEEE standard for providing port-based layer-2 access control to authenticate users or devices looking to access a LAN or WAN. As with any authentication, the goal is to make sure users that are asking for access to the network are who they claim to be. This is especially useful when managing WiFi (ie. separating backoffice network access from customer-facing WiFi in a retail setting), or as a general “defense-in-depth” layer of security between sensitive network assets and bad actors.

How does it work?

There are three primary entities involved in 802.1X authentication: the Supplicant, the Authenticator and the Authentication Server.

The Supplicant represents the device that wants to use and access network resources. When deploying AppNeta Performance Manager, one of our monitoring points would act as a Supplicant in this scenario in order to track performance in and out of the network, identifying any potential issues between the Authenticator and the Authentication Server, as well as any other traffic snarls that may be hiding behind the WAN gateway.

The Authenticator is the device that provides the physical link between the supplicant (ie. an AppNeta monitoring point) and the network. In most cases, this would be a Layer-2 switch that relays Supplicant credentials to the Authentication Servers and enforces the network access policy.

Finally, the Authentication server is trusted hardware (for instance, a RADIUS server) that validates network access requests from the supplicant. If the authentication is successful, the supplicant can access the network resources it wants through the authenticator. After successful authentication, the authenticating device uses source MAC filtering to allow only authenticated devices to communicate over the network.

For teams to get started monitoring, they’ll need a Layer-2 switch with 802.1X support configured to act as an Authenticator, as well as a username and password that will be recognized by the Authentication Server (although for PEAP and TLS authentication protocols, additional authentication information will be necessary).

It all may seem pretty straightforward, but this added capability is yet another instance where AppNeta is leaving no stone unturned in giving customers all they need to manage, monitor, and secure their networks that will only continue to grow in complexity in the coming years. Learn more about this and our latest product updates in our documentation pages.