03-27-2008 07:29 PM - edited 07-03-2021 03:36 PM
What, if any would be the best solution to deal with users connecting to a wired infrastructure but also connected to another organization wireless? We want to only permit wired when connected. The end users are not domain controlled but 802.1x authenticated. Options? much appreciated.
03-27-2008 09:32 PM
one way to do this would be with a supplicant (CSSC). another would be to use CSA (Cisco security Agent)...
03-28-2008 08:56 PM
Do you mean you need to kill WLAN when connected to wired and/or vice-versa?
03-31-2008 06:47 AM
Correct, since potentially the WLAN is another org's
03-31-2008 11:05 PM
one solution is Network Access Quarantine provided by Microsoft IAS/Radius server. As part of the authentication process a script is run on the client to verify it meets the requirements for connection to the network
Here is a link to a white paper describing the features.
http://download.microsoft.com/download/0/7/e/07ed1953-0ab5-41ea-b5da-41cf8bb9cdae/Quarantine.doc
The client does not have to be a member of the domain.
Bill
04-01-2008 07:18 AM
Thanks Bill, that's great. Do you know of any way to accomplish the same with freeradius? IAS is nice but doesn't support as many EAP types as we require.
thanks
04-01-2008 09:44 PM
I don't know of any solutions of this type that don't cost money.
Is it possible for you clients to standardize on one tyoe of EAP to connect to your system.
good luck
Bill
04-01-2008 10:01 PM
It should be possible for you to load a client that disallows/favors one type of media or the other. i.e. Disable WLAN is wire is plugged in, etc.
04-02-2008 09:36 AM
which client would recommend?
04-17-2008 04:46 PM
Juniper Odyssey Access Client.
This can be modified by an Admin and a user MSI file can be produced.
Once of the options is to overide WLAN when the device is connected to the Wired network. You can also restrict wireless access to certain SSIDs or just to WLANs with certain security critera
Chargeable client though at about $50 a seat. There is a 15 day full functional demo available to download from the Juniper site.
HTH
Paul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: