Non-Genuine Authentication.

cisco.net · ‎12-22-2010

Hi Netpros,

We are a services providers, Many of our customers are using WI-FI at their LAN about which we also not aware. We want to apply a configuration at our core routers level after which users can't connect or authenticate thru their WI-FI. as these users may not be the genuine one there is too many securiy loops due to this. pls share ur views if this can be possible thru any protocol (WI-FI protocol ) level configs. Or is there any other solution available.

***

hobbe · ‎12-23-2010

This is just my view of this.

If i understand you right you have customers that in their network have Wifi Accesspoints. you wish to limit anyone coming from the Wifi AP.

You have no access or control over the Wifi AP or the switches in the customers LAN.

Well basically there is no way to do this.

If you have no control over the switching environment or Wifi AP at your customers place then you have no way of distinguising if a IP packet is coming from the AP or another switch in their network.

so there is no legal and or practical way to do what you want to do.

An unpractical way would be that every unit that is passing through your systems must identify itself.

An most likely illegal and unpractical way would be to implement acess-lists depending on the sniffed traffic of your customers WIFI equipment.

so neither of the above would be practical in the real world.

However that said, you can of course limit what you customers are allowed to do and who pays the bill if they do not follow the instructions, but that is all in your contract agreements with your customers.

Sorry

Good luck

HTH

paolo bevilacqua · ‎12-24-2010

Not possible.

However, as ISP, you should not care what users do at their premises, their security it's not your responsability, neither you have the right to dictate if they can use wi-fi or not.