For authentication, I believe you are really talking 802.1x We've implemented 802.1x on our wired network over 5 sites and about 2000 ports. No wireless yet, but when we do, it will also use 802.1x
On Tue, Feb 21, 2012 at 2:23 PM, Matthew W. Ross <[email protected]>wrote: > 802.11x authentication looks awesome, but all of my (admittingly amateur) > experiments to try to implement it have failed me. I'd be very interested > on hearing success stories of this solution. > > > --Matt Ross > Ephrata School District > > > ----- Original Message ----- > From: Steve Kradel > [mailto:[email protected]] > To: NT System Admin Issues > [mailto:[email protected]] > Sent: Tue, 21 Feb 2012 > 10:34:55 -0800 > Subject: Re: Limiting DHCP > > > > Look into 802.11x authentication... or at least filter whitelisted > > MACs at the router. DHCP is not any kind of access control mechanism. > > > > --Steve > > > > On Tue, Feb 21, 2012 at 1:17 PM, Jonathan Link <[email protected]> > > wrote: > > > I think he's wanting to prevent anyone from connecting to his network > by > > > just plugging in anywhere, with any device... > > > > > > > > > On Tue, Feb 21, 2012 at 12:54 PM, Michael B. Smith < > [email protected]> > > > wrote: > > >> > > >> Isn’t the DMZ a separate network segment? It should be…. > > >> > > >> > > >> > > >> From: Evan Brastow [mailto:[email protected]] > > >> Sent: Tuesday, February 21, 2012 12:35 PM > > >> To: NT System Admin Issues > > >> Subject: Limiting DHCP > > >> > > >> > > >> > > >> Hi all, > > >> > > >> > > >> > > >> I've recently set up a wireless router in the DMZ on our firewall. > This > > >> will allow consultants, salesmen, etc... to have a connection to the > > >> Internet when they come in, with no connection to our network. > > >> > > >> > > >> > > >> Now, however, in order to take the final step in this process and be > sure > > >> someone can't just plug into a network port, it would seem I need to > do > > one > > >> of two things: > > >> > > >> > > >> > > >> 1) Stop our DHCP server and give all network devices (less than 50 or > so) > > >> static IP's. > > >> > > >> > > >> > > >> or > > >> > > >> > > >> > > >> 2) Restrict DHCP to only listed MAC addresses. > > >> > > >> > > >> > > >> So, my questions are - which of these two would be easier (does it > really > > >> make much difference?) or is there a third option I don't see? > > >> > > >> > > >> > > >> Thanks, as always :) > > >> > > >> > > >> > > >> Evan > > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > --- > > To manage subscriptions click here: > > http://lyris.sunbelt-software.com/read/my_forums/ > > or send an email to [email protected] > > with the body: unsubscribe ntsysadmin > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
