07-12-2010 08:30 AM
I have a WRVS4400N configured with 2 VLANs: (a) with internal (server, printer, etc) and internet access, and (b) with internet-only access. I have separate encrypted wireless for each. For (a), I also have connection control configured, requiring the MAC address to be registered to allow wireless access.
Is there a way to enforce "Connection Control" for the wired LAN ports as well? Only registered devices should be allowed to connect to the ports. The router is connected to a switch which is connected to LAN ports located throughout the office. I want to prevent someone from plugging into a port and having access to the network without authorization.
07-12-2010 09:45 AM
Hi Malcolm,
Yes I can understand your concern for wired security as well as especially wireless security.
The only option I have seen for my home RVS4000, which is the wired version of the WRVS4400N, is to use the standards approach built into the unit, 802.1x authentication. It is the same option available for the WRVS4400N V2 routers, see page 154 of the attached admin guide.
If you decide to use radius, then the advantage of that is you can then also provide radius authentication for wireless clients as well. (Almost a single point of management.)
But that is it as far as I am aware, I await any other response to your question.
regards Dave
07-12-2010 12:36 PM
Hi Dave,
Thanks for your thorough response. At this point, I don't want to get into radius authentication. I was hoping there's another simple (perhaps MAC-based, as with the WLAN) authentication method for the hardware I have. It's good to know that's not possible, before I spend more time trying to figure it out. Again, I appreciate your response to my post!
-Malcolm
07-12-2010 01:10 PM
Hi Malcolm,
What about
1. Map MAC address to IP address via DHCP static assignment
2. Use Access list to allow only list of known LAN IP hosts to exit to the internet.
Other than that, I'm also listening for suggestions.
regards Dave
02-22-2012 10:35 AM
I have tried to make this WRVS4400N into a wired 802.1X for LAN ports, vs a FreeRADIUS. It works well, except for EAP-TLS. The FreeRADIUS complains about "packet does not contain required message-authentication attribute" coming from the WRVS4400N. Any clues?