Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
1
Replies

WLAN Security

luis.veraza
Level 1
Level 1

‎02-03-2005 02:19 PM - edited ‎07-04-2021 10:25 AM

HI,

We are planning to introduce a big WLAN, with 1200 AP, we´ll work with them using a RADIUS Server and 802.1x, here all is Ok, but the problem is that any user can connect its AP(Linksys, anything else), it is a big hole, we don´t want that.

Do you know something that we can do ? to prevent it.

Thanks Luis.

Labels:
0 Helpful
1 Reply 1

scottmac
Level 10
Level 10

‎02-03-2005 08:29 PM

Maybe apply a MAC-based ACL on the concentrating switch to allow only Cisco MACs (the MAC of the AP Ethernet interface)?

I'm not sure (haven't tried it), but, worse case, setup an additiional VLAN (so you have a tag & trunk established), blackhole the Native VLAN, and I believe, the tagged frames from the AP can pass through the MAC-secured port.

Many of the SOHO APs cannot authenticate against RADIUS. Also, the RADIUS server must be configured to accept authentication requests from specific requesters.

If you're talking about someone plugging an AP into their PC jack, that's going to go back to creating a policy (the first step to any kind of security) - if a user gets caught, the user gets fired. If management can't accept implementing a policy like that, your company's problems are larger than a/some rogue access points (IMHO).

FWIW

Scott

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card