implementing-network-access-control

Implements 802.1X port-based network access control using RADIUS authentication, PacketFence NAC, and switch configurations to enforce identity-based access policies, posture assessment, and automatic VLAN assignment for authorized devices.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Implementing Network Access Control

## When to Use

- Enforcing identity-based network access where only authenticated and compliant devices connect to the network
- Implementing zero-trust networking at the access layer with dynamic VLAN assignment based on user role
- Quarantining non-compliant devices that fail endpoint posture checks (missing patches, disabled AV)
- Meeting compliance requirements (PCI-DSS, HIPAA, SOC 2) for network access controls
- Onboarding BYOD devices with automated provisioning and limited network access

**Do not use** as a standalone security solution without complementary controls, for networks with devices that do not support 802.1X supplicants, or without proper fallback mechanisms for critical infrastructure.

## Prerequisites

- RADIUS server (FreeRADIUS, Microsoft NPS, or Cisco ISE) configured with user/device authentication
- Managed switches supporting 802.1X port-based authentication
- Certificate Authority for EAP-TLS certificate distribution (optional but recommended)
- PacketFence or similar NAC platform for posture assessment and remediation
- Active Directory or LDAP directory for centralized user authentication
- DHCP server integration for dynamic IP assignment per VLAN

## Workflow

### Step 1: Install and Configure FreeRADIUS

```bash
# Install FreeRADIUS
sudo apt install -y freeradius freeradius-utils freeradius-ldap

# Configure RADIUS clients (switches that authenticate against RADIUS)
sudo tee /etc/freeradius/3.0/clients....
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
