Anyone else implement 802.11x for hard wire??

AthlonXP

AthlonXP

Fully [H]
Joined
Oct 14, 2001
Messages
20,588
My companies network team is looking into pushing this out. Just wanted to know from anyone else s experience with this what issues/problems did you confront? Just trying to find ways to see if its totally necessary for wired network. Obviously for wireless its a no brainier.


Thanks in advance!
 
It prevents walk-ups from gaining access through ports in shared, common, or public areas that your company might have.
 
I've done it a few times. I've used Microsoft, Cisco and Juniper solutions. Expect trouble calls to go through the roof on a poorly implemented solution. (I'm looking at you Microsoft). Of the three I would highly recommend the Juniper UAC solution even on an all Cisco network. Overall it had the fewest problems.

Things to watch out for are things like printers/scanners and other devices that can't run a .1x supplicant. It really helps if you have a decent written security policy to go from when implementing.

Trying to explain to a vp why he can't just plug his home laptop into the network and surf the web anymore is a lot easier when you have a written policy to back you up.

Expect as many political challenges as technical especially in bigger organizations.
 
kalthak said:
Expect as many political challenges as technical especially in bigger organizations.
Click to expand...

this is probably one of the largest barriers to implementation of this type of security in my case... but honestly the BYOD at my workplace hasn't been addressed and really needs to be... afaik we have no policy concerning BYOD and SSID passphrases are easy to get...
 
Blue Fox said:
Shutdown unused ports on your switching gear?
Click to expand...

So what if I unplug someone elses computer and plug my rogue device into it?


One of my team member's tested this out on our network and it was too much of a pain to deal with on our network (95% cisco, 5% etc). I can't tell you exactly why since I wasn't invovled but I remember there being so many user issues that it wasn't worth the effort with our limited resources (educational institution with 40k users)
 
You must log in or register to reply here.
Back
Top