802.11x authentication looks awesome, but all of my (admittingly amateur) experiments to try to implement it have failed me. I'd be very interested on hearing success stories of this solution.
--Matt Ross Ephrata School District ----- Original Message ----- From: Steve Kradel [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Tue, 21 Feb 2012 10:34:55 -0800 Subject: Re: Limiting DHCP > Look into 802.11x authentication... or at least filter whitelisted > MACs at the router. DHCP is not any kind of access control mechanism. > > --Steve > > On Tue, Feb 21, 2012 at 1:17 PM, Jonathan Link <[email protected]> > wrote: > > I think he's wanting to prevent anyone from connecting to his network by > > just plugging in anywhere, with any device... > > > > > > On Tue, Feb 21, 2012 at 12:54 PM, Michael B. Smith <[email protected]> > > wrote: > >> > >> Isn’t the DMZ a separate network segment? It should be…. > >> > >> > >> > >> From: Evan Brastow [mailto:[email protected]] > >> Sent: Tuesday, February 21, 2012 12:35 PM > >> To: NT System Admin Issues > >> Subject: Limiting DHCP > >> > >> > >> > >> Hi all, > >> > >> > >> > >> I've recently set up a wireless router in the DMZ on our firewall. This > >> will allow consultants, salesmen, etc... to have a connection to the > >> Internet when they come in, with no connection to our network. > >> > >> > >> > >> Now, however, in order to take the final step in this process and be sure > >> someone can't just plug into a network port, it would seem I need to do > one > >> of two things: > >> > >> > >> > >> 1) Stop our DHCP server and give all network devices (less than 50 or so) > >> static IP's. > >> > >> > >> > >> or > >> > >> > >> > >> 2) Restrict DHCP to only listed MAC addresses. > >> > >> > >> > >> So, my questions are - which of these two would be easier (does it really > >> make much difference?) or is there a third option I don't see? > >> > >> > >> > >> Thanks, as always :) > >> > >> > >> > >> Evan > >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
