Wireless/Wired Connections

Unanswered Question
Mar 27th, 2008
User Badges:

What, if any would be the best solution to deal with users connecting to a wired infrastructure but also connected to another organization wireless? We want to only permit wired when connected. The end users are not domain controlled but 802.1x authenticated. Options? much appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sabhasin Thu, 03/27/2008 - 21:32
User Badges:

one way to do this would be with a supplicant (CSSC). another would be to use CSA (Cisco security Agent)...

jafrazie Fri, 03/28/2008 - 20:56
User Badges:
  • Cisco Employee,

Do you mean you need to kill WLAN when connected to wired and/or vice-versa?

bradbrookc Mon, 03/31/2008 - 06:47
User Badges:

Correct, since potentially the WLAN is another org's

bcolvin Mon, 03/31/2008 - 23:05
User Badges:
  • Bronze, 100 points or more

one solution is Network Access Quarantine provided by Microsoft IAS/Radius server. As part of the authentication process a script is run on the client to verify it meets the requirements for connection to the network


Here is a link to a white paper describing the features.


http://download.microsoft.com/download/0/7/e/07ed1953-0ab5-41ea-b5da-41cf8bb9cdae/Quarantine.doc


The client does not have to be a member of the domain.


Bill

bradbrookc Tue, 04/01/2008 - 07:18
User Badges:

Thanks Bill, that's great. Do you know of any way to accomplish the same with freeradius? IAS is nice but doesn't support as many EAP types as we require.


thanks

bcolvin Tue, 04/01/2008 - 21:44
User Badges:
  • Bronze, 100 points or more

I don't know of any solutions of this type that don't cost money.


Is it possible for you clients to standardize on one tyoe of EAP to connect to your system.


good luck


Bill

jafrazie Tue, 04/01/2008 - 22:01
User Badges:
  • Cisco Employee,

It should be possible for you to load a client that disallows/favors one type of media or the other. i.e. Disable WLAN is wire is plugged in, etc.

pablo1711 Thu, 04/17/2008 - 16:46
User Badges:

Juniper Odyssey Access Client.


This can be modified by an Admin and a user MSI file can be produced.


Once of the options is to overide WLAN when the device is connected to the Wired network. You can also restrict wireless access to certain SSIDs or just to WLANs with certain security critera


Chargeable client though at about $50 a seat. There is a 15 day full functional demo available to download from the Juniper site.


HTH


Paul

Actions

This Discussion

 

 

Trending Topics - Security & Network