Educause Security Discussion mailing list archives
Re: 802.1x on the wire - mac address exclusion
From: "Williams, Matthew" <mwill186 () KENT EDU>
Date: Thu, 23 Jun 2016 14:37:43 +0000
You should be able to setup MAB (MAC Address Bypass) in your switches, then create your MAC whitelist in your RADIUS product. Your other option is to disable 802.1X on the switchport of those devices, but that becomes a management nightmare. Respectfully, Matt From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Emily Harris Sent: Thursday, June 23, 2016 9:47 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] 802.1x on the wire - mac address exclusion All: Recently our Bradford Campus Manager appliance failed, and we decided not to replace it. Instead, we will be doing 802.1x authentication on the wire. The basic setup works, but we are looking for solutions to easily exclude MACs for non-keyboard devices such as cameras, game consoles, and printers. We are hoping to do this without purchasing or deploying a larger management system such as Cisco ISE. If anyone is doing this, I'd appreciate reaching out to me on or off list. Thank you! ---- Emily Harris Information Security Officer, CIS Vassar College 845-437-7221
Current thread:
- 802.1x on the wire - mac address exclusion Emily Harris (Jun 23)
- Re: 802.1x on the wire - mac address exclusion Williams, Matthew (Jun 23)