Cisco Support Community

Connection Control for LAN Ports

I have a WRVS4400N configured with 2 VLANs: (a) with internal (server, printer, etc.) and internet access, and (b) with internet-only access.  I have separate encrypted wireless for each.  For (a), I also have connection control configured, requiring the MAC address to be registered to allow wireless access.

Is there a way to enforce "Connection Control" for the wired LAN ports as well?  Only registered devices should be allowed to connect to the ports.  The router is connected to a switch which is connected to LAN ports located throughout the office.  I want to prevent someone from plugging into a port and having access to the network without authorization.


Re: Connection Control for LAN Ports

Hi Malcolm,

Yes, I can understand your concern for wired security as well as, especially, wireless security.

The only option I have seen for my home RVS4000, which is the wired version of the WRVS4400N, is to use the standards approach built into the unit, 802.1x authentication. It is the same option available for the WRVS4400N V2 routers; see page 154 of the attached admin guide.

If you decide to use radius, then the advantage of that is you can then also provide radius authentication for wireless clients as well. (Almost a single point of management.)

But that is it as far as I am aware; I await any other response to your question.

regards Dave

Re: Connection Control for LAN Ports

Hi Dave,

Thanks for your thorough response.  At this point, I don't want to get into radius authentication.  I was hoping there's another simple (perhaps MAC-based, as with the WLAN) authentication method for the hardware I have.  It's good to know that's not possible, before I spend more time trying to figure it out.  Again, I appreciate your response to my post!

-Malcolm

Re: Connection Control for LAN Ports

Hi Malcolm,

What about:

1. Map MAC address to IP address via DHCP static assignment

2. Use access list to allow only list of known LAN IP hosts to exit to the internet.

Other than that, I'm also listening for suggestions.

regards Dave

Re: Connection Control for LAN Ports

I have tried to make this WRVS4400N into a wired 802.1X for LAN ports, vs a FreeRADIUS.  It works well, except for EAP-TLS.  The freeRADIUS complains about "packet does not contain required message-authentication attribute" coming from the WRVS4400N.  Any clues?
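
The error quoted in the post above refers to the RADIUS Message-Authenticator attribute (type 80), which RFC 3579 requires on every packet that carries an EAP-Message attribute (type 79). The Python below is an added example, not code from this thread or from FreeRADIUS: it checks an Access-Request for that attribute and verifies its HMAC-MD5. The shared secret, the `build_request` helper and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types

def parse_attributes(packet):
    """Return (length, [(type, value_offset, value)]) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return length, attrs

def check_message_authenticator(packet, secret):
    """Classify an Access-Request: ok, bad, missing or not-required."""
    if packet[:1] != b"\x01":
        raise ValueError("only Access-Request (code 1) is handled here")
    length, attrs = parse_attributes(packet)
    has_eap = any(t == EAP_MESSAGE for t, _, _ in attrs)
    found = [(off, val) for t, off, val in attrs if t == MESSAGE_AUTHENTICATOR]
    if not found:
        return "missing" if has_eap else "not-required"
    off, val = found[0]
    if len(val) != 16:
        return "bad"
    # HMAC-MD5 over the whole packet with the attribute value zeroed.
    zeroed = packet[:off] + b"\x00" * 16 + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, val) else "bad"

def build_request(secret, with_ma):
    """Constructed sample: Access-Request with an EAP-Response/Identity."""
    eap = bytes([2, 1, 0, 9, 1]) + b"user"  # code, id, length (2 bytes), type
    attrs = bytes([1, 6]) + b"user" + bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    if with_ma:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    pkt = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
    if with_ma:  # fill in the HMAC computed over the zeroed placeholder
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt
```

Feeding it the raw UDP payload of a request captured on the RADIUS server shows whether the attribute is absent ("missing") or present but computed with a different shared secret ("bad").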
