Hopefully someone can help me out here with what I thought would have been a relatively easy task, but my network admin tells me he can't do it.
We rolled out Ruckus wireless last summer and it has been excellent. We used PSK to authenticate against AD and we can tell who, what and where on our wireless network. Problem is, we have LAN ports all over the school and in residential buildings as both staff and students live on campus. Once we put authentication on the wireless the sessions and users went down for a while and the network was stable, but then they realised they could just plug in and go. We are a BYOD school, primarily Mac based.
Essentially what I am looking for is something like the Ruckus ZD for wired networks. I would prefer to just pull all cables but have been told I can't by SLT. Our network is unable to cope with the sessions. We have only 400 students P-12 but often have over 500 devices connected during the day. Sometimes the sessions get so high that the UTM (Untangle) just crashes under the load.
Anyone got any advice as to how to lock down the wired network that I can pass on to my network admin?
You can set up 802.1X on a wired network just like you can a wireless network. If you don't have AD credentials that match the criteria set up on your RADIUS server, you don't get on. You do need managed switches though that are capable of supporting this and I don't know how it would play out with Macs. Another option is to look into port security on the switches. It's basically MAC filtering like what you would find on wireless routers/access points, only it's for wired ports. Either way though, you're going to be adding overhead to your managing of the network.
Thanks for the responses. Looking into PacketFence now, looks pretty much like what we are after, now I just have to see if we can get it working.
Our switches are capable, but we have many dodgy switches that are linked to each other so it won't work just yet. It takes a while to get things sorted here in Thailand. It might be an option going forwards as well.
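
Port security and per-port 802.1X are simplest to enforce when each switch port has one device behind it, which is where the chained switches mentioned in the thread get in the way. The following Python script is an added example, not code from any poster: it reads a MAC address table and separates access ports that see a single device from ports with several devices behind them. The table layout, the sample rows and the `uplinks` parameter are constructed assumptions; real switch output differs by vendor.

```python
import re
from collections import defaultdict

# Constructed sample in a generic "VLAN  MAC  TYPE  PORT" layout (an assumption;
# adapt the pattern below to what your own switches print).
SAMPLE_MAC_TABLE = """\
10  0011.2233.4401  dynamic  Gi0/1
10  0011.2233.4402  dynamic  Gi0/2
10  0011.2233.4403  dynamic  Gi0/2
10  0011.2233.4404  dynamic  Gi0/2
20  0011.2233.4405  dynamic  Gi0/3
20  0011.2233.44a0  dynamic  Gi0/24
20  0011.2233.44a1  dynamic  Gi0/24
1   0011.2233.44ff  static   CPU
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\w+)\s+(\S+)\s*$"
)

def macs_per_port(table_text):
    """Return {port: set of dynamically learned MACs}; static entries are ignored."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            ports[m.group(4)].add(m.group(2).lower())
    return dict(ports)

def classify_ports(table_text, uplinks=()):
    """Split access ports into single-device ports and ports with several devices."""
    report = {"single_host": [], "multi_host": {}}
    for port, macs in sorted(macs_per_port(table_text).items()):
        if port in uplinks:
            continue  # uplinks between managed switches legitimately carry many MACs
        if len(macs) == 1:
            report["single_host"].append(port)
        else:
            report["multi_host"][port] = sorted(macs)
    return report

if __name__ == "__main__":
    result = classify_ports(SAMPLE_MAC_TABLE, uplinks={"Gi0/24"})
    print("One device seen, candidates for a one-MAC limit:", result["single_host"])
    for port, macs in result["multi_host"].items():
        print(f"{port}: {len(macs)} devices, likely an unmanaged switch downstream")
```

Ports reported under `multi_host` are the ones to trace and tidy up before turning on a per-port MAC limit or 802.1X, since enforcing either there would cut off everything behind the downstream switch.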