Connection Control for LAN Ports

Unanswered Question
Jul 12th, 2010

I have a WRVS4400N configured with 2 VLANs: (a) with internal (server, printer, etc.) and internet access, and (b) with internet-only access.  I have separate encrypted wireless for each.  For (a), I also have connection control configured, requiring the MAC address to be registered to allow wireless access.


Is there a way to enforce "Connection Control" for the wired LAN ports as well?  Only registered devices should be allowed to connect to the ports.  The router is connected to a switch which is connected to LAN ports located throughout the office.  I want to prevent someone from plugging into a port and having access to the network without authorization.

David Hornstein Mon, 07/12/2010 - 09:45

Hi Malcolm,


Yes, I can understand your concern for wired security as well as, especially, wireless security.


The only option I have seen for my home RVS4000, which is the wired version of the WRVS4400N, is to use the standards approach built into the unit, 802.1x authentication.  It is the same option available for the WRVS4400N V2 routers, see page 154 of the attached admin guide.


If you decide to use radius, then the advantage of that is you can then also provide radius authentication for wireless clients as well. (Almost a single point of management.)


But that is it as far as I am aware. I await any other response to your question.


regards Dave


malcolmd83 Mon, 07/12/2010 - 12:36

Hi Dave,


Thanks for your thorough response.  At this point, I don't want to get into radius authentication.  I was hoping there's another simple (perhaps MAC-based, as with the WLAN) authentication method for the hardware I have.  It's good to know that's not possible, before I spend more time trying to figure it out.  Again, I appreciate your response to my post!


-Malcolm

David Hornstein Mon, 07/12/2010 - 13:10

Hi Malcolm,


What about

1. Map MAC address to IP address via DHCP static assignment

2. Use an access list to allow only a list of known LAN IP hosts to exit to the internet.


other than that, I'm also listening for suggestions.


regards Dave

nicos-christofi Wed, 02/22/2012 - 10:35

I have tried to make this WRVS4400N into a wired 802.1X for LAN ports, vs a FreeRADIUS.  It works well, except for EAP-TLS.  FreeRADIUS complains about "packet does not contain required message-authentication attribute" coming from the WRVS4400N.  Any clues?
