Re: Securing Public Lan ports

jenkinsjohn · ‎04-30-2003

I have a current requirement to install LAN's in (very) public places across the United States. This means the 3550 connected ethernet ports will be in places where the public will have physical access to them, but these ports are only for use by specified people, not for the public . My customer's requirement is that these ports be secured somehow, so that if a passerby plugs his laptop into them, they will have no access to the attached network. Anyone have any suggestions on how to accomplish this?

I thought of port security, but there is no control over the different laptops, etc. that authorized people will have, so I have no way of specifying MAC addresses.

Radius would work, but the Radius/TACACS server will be in a central location. Another requirement is that they still be able to access their local systems if the link back to the central location goes down, so that leaves Radius/TACACs out as well.

Any suggestions on how to solve this probem would be greatly appreciated, as I'm stumped on this one.

John Jenkins

matt.austin · ‎04-30-2003

I'd say RADIUS/TACACS is a good idea. If the user needs to access their local pc, they ought to have a login ID for local access as it is, right? Windows NT/2000 local login and then connect to the RADIUS or TACACS server after getting to their desktop. Implementing 802.1x port based authentication when connected to the switch...

Could also create some type of dial in access to an AS5300, or some other Access Server Model for back up using either analog or digital modems? Some ideas...

a-craick · ‎05-05-2003

Have you looked at Secure DHCP ?