Educause Security Discussion mailing list archives
Re: 802.1X for wired ports
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Thu, 17 Jun 2010 08:30:12 +1200
On 16/06/2010, at 3:57 AM, David Gillett wrote:
I believe 802.1X is a good solution for "inside" ports, but for "public access" ports a captive portal may be a better option -- redirects browser requests to a login page and blocks other traffic until login succeeds. We initially used BlueSocket for our wireless authentication, and it could easily be deployed this way.....
This is what we do with our wireless networks: the basic unencrypted access is via captive portal, and the encrypted SSID that lands inside our network is 802.1x. We are looking at using 802.1x for wired access for student laptops in library and labs.

The main headache we have had with 802.1x is that the CISCO PEAP to our radius involves clients having to either preconfigure the radius servers as trusted or click through a dialog box saying the service is untrusted the first time you authenticate. If anyone knows of a way around this I would be delighted to know.

The issue is that PEAP hands off the authentication of the client to the radius direct. The client has no way of knowing if the radius server it has been pointed to is trustworthy, so most ask the user, who does not know either.

Russell
David Gillett

From: Entwistle, Bruce [mailto:Bruce_Entwistle () REDLANDS EDU]
Sent: Monday, June 14, 2010 17:21
To: SECURITY () listserv educause edu
Subject: [SECURITY] 802.1X for wired ports

We are currently looking for a method to secure wired ports located in locations accessible by the general public. The network devices to which these ports are connected are Cisco 3750 switches. I have tested port-based authentication; however, I ran into the problem of not having the required supplicant installed. We are trying to avoid having to do configuration on the client (student) machines. I was looking to find out what others have done to prevent users outside the organization from simply connecting their computer through use of a patch cable and surfing the Internet.

Thank you
Bruce Entwistle
Network Manager
University of Redlands