<![CDATA[[SecurityRatty] tag: untechnical]]> http://securityratty.com/tag/untechnical Sat, 03 May 2008 19:20:17 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[802.1X Terminology- Port 'Closed']]> http://securityratty.com/article/cfb1a2d0be96fd42fe0d83be0faed144 http://securityratty.com/article/cfb1a2d0be96fd42fe0d83be0faed144 Recently, I’ve been asked to explain my choice of terminology when describing 802.1X during various talks and presentations. One piece of verbiage I tend to use is that an 802.1X-enabled port is ‘shut off’ or ‘closed’ prior to endpoint authentication.

My choice of words seems to raise a few eyebrows with my audience. You, like several others, may ask- “That seems like an ‘untechnical’ term, shouldn’t you say it ‘disables’ the port?” 

Well, no, we shouldn’t say that. When we talk about ‘enable’ and ‘disable’ for ports, that’s actually a port property designation within the switch. When we disable a port in the switch, we’re turning it off and preventing it from passing any traffic.

When we have an 802.1X-enabled port that’s unauthenticated, it still has to pass SOME traffic types, such as EAP (and possibly discovery protocols, such as Cisco’s CDP). Otherwise, we’d never be able to authenticate, right?

So, I, like many others in the NAC world, usually refer to an unauthenticated 1X port as being ‘shut off’ or ‘closed’ just as a means to distinguish it from ‘disabled’ which does have its own meaning.

# # #

]]> Sat, 03 May 2008 19:20:17 +0000 port port property designation traffic possibly discovery protocols traffic types ciscos cdp untechnical term choice disable 802.1X Terminology- Port 'Closed'