I have a WRVS4400N configured with 2 VLANs: (a) with internal (server, printer, etc) and internet access, and (b) with internet-only access. I have seperate encrypted wireless for each. For (a), I also have connection control configured, requiring the MAC address to be registered to allow wireless access.
Is there a way to enforce "Connection Control" for the wired LAN ports as well? Only registered devices should be allowed to connect to the ports. The router is connected to a switch which is connected to LAN ports located throughout the office. I want to prevent someone from plugged into a port and having access to the network wihtout authorization.
Yes I can understand your concern for wired security as well as especially wireless security.
The only option I have seen for my home RVS4000, which is the wired version of the WRVS4400N, is to use the standards approach built into the unit,
802.1x authetication. It is the same option available for the WRVS4400N V2 routers, see page 154 of the attached admin guide.
If you decide to use radius, then the advatange of that is you can then also provide radius authetication for wireless clients as well. (Almost a single point of management.)
But that is it as far as I am aware, i await any other response to your question.
Thanks for your thorough response. At this point, I don't want to get into radius authentication. I was hoping there's another simple (perhaps MAC-based, as with the WLAN) authentication method for the hardware I have. It's good to know that's not possible, before I spend more time trying to figure it out. Again, I appreciate your response to my post!
1. MAP MAC address to IP address via DHCP static assignment
2, Use Access list to allow only list of known LAN IP hosts to exit to the internet.
other than that, I'm also listening for suggestions.
I have tried to make this WRVS4400N into a wired 802.1X for LAN ports, vs a FreeRADIUS. It works well, ecxept for
EAP-TLS. The freeRADIUS complains about "packet does not contain required message-authentication attribute" coming from the WRVS4400N. Any clues?