Putting endpoints to sleep to save energy doesn’t normally play well with 802.1X. You often have to make a choice between compromising security or keeping devices awake 24/365. With more pressure on IT energy savings on the one hand and rising cybersecurity threats expected to continue on the other hand, network pros (like you) are getting a seemingly impossible mission.
Great news! We are excited to share the public preview of the new MS 802.1X Control Direction (1XCD)! This public preview is now available for all orgs on the switch access policies page.
Public preview allows all customers to test the feature and leverage Meraki support if they encounter issues. However, this feature is still considered “beta” and customers should be prepared to test for unexpected issues that may occur before deciding to roll out the feature to critical networks.
Say hello to sustainable sustainability with enhanced security (No compromise!)
With 1XCD, customers can now have the best of both worlds, using high security on switchports connecting to endpoints (such as cash registers) in remote branches while still allowing those devices to save energy outside of business hours.
Let’s dive a little further.
> Default to both directions
802.1X Control Direction defaults to "both". In this mode, the switchport drops ingress or egress traffic until after the port is authorized via 802.1X or MAB authentication.
> Or set to “inbound-only”
Control Direction can now also be set to "inbound-only," in which case the switchport drops ingress traffic, but will allow limited egress traffic from the network through the switchport to reach the connected device. This is often used to allow Wake-on-LAN magic packets to wake a sleeping host on the connected port, at which point the host can attempt a normal 802.1X or MAB authentication to authorize the switchport for full ingress and egress traffic.
802.1X Control Direction is enabled as part of switch access policy configuration. When enabled, is also indicated on the switchport details:
> Works with API and template networks
1XCD works via the API, in the Dashboard, and works with template networks. As a bonus, switchaccess policies in template networks are now configurable via the API.
Need more information?
1XCD is supported on classic switches and requires MS 15 or later. Please see the Documentation page for more information.
Join many of our customers in a mission to a more sustainable IT environment today! Go green!