cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Martin Pauly <pauly AT hrz.uni-marburg.de>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] 802.1X for wired interface.
- Date: Mon, 21 Feb 2022 18:24:36 +0100
Am 21.02.22 um 17:57 schrieb Daniele Albrizio:
In some places we have "funny" people that disconnect fixed PCs to connect
their laptop.
A real 802.1X auth is a good thing to do, of course, especially with
client-side certs, i.e. EAP-TLS.
But there _is_ some overhead. We've had some good experience with simple MAC
address base measurements:
- register every wired device, require DHCP at the Switchport (boot unknown
clients=false in the DHCP server + Layer 2 security)
- In public places, restrict access to one MAC address per port
MAC addresses can be spoofed easily, of course. So this is all but a mild
layer of protection
which will not keep out a dedicated hacker. But still, it reduces the noise
coming with the
usual everyday nonsense.
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [[cat-users]] 802.1X for wired interface., Nicolás Velázquez Campoy, 02/15/2022
- Re: [[cat-users]] 802.1X for wired interface., Jørn Åne de Jong, 02/15/2022
- Re: [[cat-users]] 802.1X for wired interface., Martin Pauly, 02/16/2022
- RE: [[cat-users]] 802.1X for wired interface., Nicolás Velázquez Campoy, 02/16/2022
- Re: [[cat-users]] 802.1X for wired interface., José Manuel Macías Luna, 02/16/2022
- Re: [[cat-users]] 802.1X for wired interface., Alan Buxey, 02/16/2022
- RE: [[cat-users]] 802.1X for wired interface., Nicolás Velázquez Campoy, 02/16/2022
- Re: [[cat-users]] 802.1X for wired interface., Alan Buxey, 02/16/2022
- Re: [[cat-users]] 802.1X for wired interface., José Manuel Macías Luna, 02/16/2022
- Re: [[cat-users]] 802.1X for wired interface., Stefan Winter, 02/21/2022
- Re: [[cat-users]] 802.1X for wired interface., Tomasz Wolniewicz, 02/21/2022
- Re: [[cat-users]] 802.1X for wired interface., Daniele Albrizio, 02/21/2022
- Re: [[cat-users]] 802.1X for wired interface., Martin Pauly, 02/21/2022
- Re: [[cat-users]] 802.1X for wired interface - Windows, Tomasz Wolniewicz, 02/21/2022
- RE: [[cat-users]] 802.1X for wired interface., Nicolás Velázquez Campoy, 02/16/2022
Archive powered by MHonArc 2.6.19.