Educause Security Discussion mailing list archives

Re: 802.1X for wired ports


From: "James R. Pardonek" <pardonjr () CALUMET PURDUE EDU>
Date: Thu, 17 Jun 2010 08:13:42 -0500

We are an Enterasys shop.  We use their NAC product which ties into RADIUS and 
also keeps a database of who logged in, the switch, the port, the MAC address, 
IP address, the date and time.



Jim



James R. Pardonek, CISSP

Senior Network Administrator

Purdue University Calumet Data Network

Information Services

Purdue University Calumet

Hammond, Indiana



From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Bennett
Sent: Thursday, June 17, 2010 6:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] 802.1X for wired ports



James,



What technology do you utilize for the captive portal?



Daniel Bennett

IT Security Analyst

Pennsylvania College of Technology

P:570.329.4989

E:dbennett () pct edu







From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James R. Pardonek
Sent: Thursday, June 17, 2010 7:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] 802.1X for wired ports



We use a captive portal that relies on RADIUS to make sure that the individual 
is a student or staff. We require accounts for all who use our network. Those 
with no affiliation to Purdue require a sponsor. The sponsor is required to 
submit a form that contains the user's information along with duration of use. 
We then create temporary credentials for that person. Our captive portal 
records the MAC address of the user's computer along with the IP in case we 
have an issue.

James Pardonek CISSP
Senior Network Administrator
Purdue University Calumet

  _____

From: The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wed Jun 16 15:18:24 2010
Subject: Re: [SECURITY] 802.1X for wired ports



On 16/06/2010, at 3:57 AM, David Gillett wrote:



  I believe 802.1X is a good solution for "inside" ports, but for "public 
access" ports a captive portal may be a better option (redirects browser 
requests to a login page and blocks other traffic until login succeeds).  We 
initially used BlueSocket for our wireless authentication, and it could easily 
be deployed this way.....



David Gillett



  _____

From: Entwistle, Bruce [mailto:Bruce_Entwistle () REDLANDS EDU]
Sent: Monday, June 14, 2010 17:21
To: SECURITY () listserv educause edu
Subject: [SECURITY] 802.1X for wired ports

We are currently looking for a method to secure wired ports located in 
locations accessible by the general public.  The network devices to which 
these ports are connected are Cisco 3750 switches.  I have tested port-based 
authentication; however, I ran into the problem of not having the required 
supplicant installed.  We are trying to avoid having to do configuration on 
the client (student) machines.  I was looking to find out what others have done 
to prevent users outside the organization from simply connecting their 
computer through use of a patch cable and surfing the Internet.



Thank you

Bruce Entwistle

Network Manager

University of Redlands




