
Connection Control for LAN Ports

malcolmd83
Level 1

I have a WRVS4400N configured with 2 VLANs: (a) with internal (server, printer, etc.) and internet access, and (b) with internet-only access.  I have separate encrypted wireless for each.  For (a), I also have connection control configured, requiring the MAC address to be registered to allow wireless access.

Is there a way to enforce "Connection Control" for the wired LAN ports as well?  Only registered devices should be allowed to connect to the ports.  The router is connected to a switch which is connected to LAN ports located throughout the office.  I want to prevent someone from plugging into a port and having access to the network without authorization.

4 Replies

David Hornstein
Level 7

Hi Malcolm,

Yes, I can understand your concern for wired security as well as especially wireless security.

The only option I have seen for my home RVS4000, which is the wired version of the WRVS4400N, is to use the standards approach built into the unit, 802.1x authentication. It is the same option available for the WRVS4400N V2 routers, see page 154 of the attached admin guide.

If you decide to use radius, then the advantage of that is you can then also provide radius authentication for wireless clients as well. (Almost a single point of management.)

But that is it as far as I am aware; I await any other response to your question.

regards Dave

Hi Dave,

Thanks for your thorough response.  At this point, I don't want to get into radius authentication.  I was hoping there's another simple (perhaps MAC-based, as with the WLAN) authentication method for the hardware I have.  It's good to know that's not possible, before I spend more time trying to figure it out.  Again, I appreciate your response to my post!

-Malcolm

Hi Malcolm,

What about:

1. Map MAC address to IP address via DHCP static assignment

2. Use an access list to allow only a list of known LAN IP hosts to exit to the internet.

Other than that, I'm also listening for suggestions.

regards Dave

I have tried to make this WRVS4400N into a wired 802.1X for LAN ports, vs a FreeRADIUS.  It works well, except for EAP-TLS.  The FreeRADIUS complains about "packet does not contain required message-authentication attribute" coming from the WRVS4400N.  Any clues?
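The FreeRADIUS message quoted in the last post refers to the RADIUS Message-Authenticator attribute (type 80), which RFC 3579 requires on any Access-Request that carries an EAP-Message attribute (type 79). The following is an added example, not part of the thread and not code from Cisco or FreeRADIUS: it checks a captured Access-Request for the attribute and verifies its HMAC-MD5. The shared secret, the EAP payload and the `build_request` helper are constructed for illustration.

```python
import hmac, hashlib, os, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80      # RADIUS attribute types
SECRET = b"constructed-secret"                   # constructed, not from the thread
EAP_IDENTITY = bytes([2, 1, 0, 9, 1]) + b"user"  # constructed EAP-Response/Identity

def parse_attrs(packet):
    """Return [(type, value_offset, value)] for attributes after the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def check_request(packet, secret):
    """Classify an Access-Request: 'ok', 'missing', 'bad-mac' or 'optional'."""
    attrs = parse_attrs(packet)
    has_eap = any(t == EAP_MESSAGE for t, _, _ in attrs)
    macs = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if not macs:
        # With EAP-Message present the server has nothing to verify and drops it.
        return "missing" if has_eap else "optional"
    off, val = macs[0]
    if len(val) != 16:
        return "bad-mac"
    length = struct.unpack("!H", packet[2:4])[0]
    # HMAC-MD5 over the whole packet with the attribute's 16 value bytes zeroed.
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, val) else "bad-mac"

def build_request(secret, attrs, sign=True):
    """Build a constructed Access-Request (code 1) to exercise the checker."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    pkt = bytes([1, 7]) + struct.pack("!H", 20 + len(body)) + os.urandom(16) + body
    if sign:  # the attribute is last, so its value is the final 16 bytes
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt
```

Running `check_request` on the UDP payload of a request captured between the router and the RADIUS server shows whether the attribute is absent or present with a mismatched shared secret.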
