Wired Networks Thread, Limit wired connections and users? in Technical; Hi All,
Hopefully someone can help me out here with what I thought would have been a relatively easy task, ...
11th February 2013, 02:08 PM #1
- Rep Power
Limit wired connections and users?
Hopefully someone can help me out here with what I thought would have been a relatively easy task, but my network admin tells me he can't do it.
We rolled out Ruckus wireless last summer and it has been excellent. We used PSK to authenticate against AD and we can tell who, what and where on our wireless network. Problem is, we have LAN ports all over the school and in residential buildings as both staff and students live on campus. Once we put authentication on the wireless the sessions and users went down for a while and the network was stable, but then they realised they could just plug in and go. We are a BYOD school, primarily Mac based.
Essentially what I am looking for is something like the Ruckus ZD for wired networks. I would prefer to just pull all cables but have been told I can't by SLT. Our network is unable to cope with the sessions. We have only 400 students P-12 but often have over 500 devices connected during the day. Sometimes the sessions get so high that the UTM (Untangle) just crashes under the load.
Anyone got any advice as to how to lock down the wired network down that I can pass on to my network admin?
12th February 2013, 07:22 PM #2
Give this a read: 802.1X Authenticated Wired Access Overview
You can setup 802.1x on a wired network just like you can a wireless network. If you don't have AD credentials that match the criteria setup on your Radius server, you don't get on. You do need managed switches though that are capable of supporting this and I don't know how it would play out with Macs. Another option is to look into port security on the switches. It's basically MAC filtering like what you would find on wireless routers/access points only it's for wired ports. Either way though, you're going to be adding overhead to your managing of the network.
12th February 2013, 10:10 PM #3
If you have managed switches, disable the ports as required. This means you can re-enable ports as required and don't need to remove any patch cables.
Thanks to Michael from:
TheScarfedOne (12th February 2013)
12th February 2013, 10:54 PM #4
If you have managed switches, you should be able to do this dynamically - bandwidth violation = disconnection.
Originally Posted by Michael
PacketFence: Open Source NAC (Network Access Control)
Thanks to CyberNerd from:
boombah (13th February 2013)
13th February 2013, 03:00 AM #5
- Rep Power
Thanks for the responses. Looking into PacketFence now, looks pretty much like what we are after, now I just have to see if we can get it working.
Our switches are capable, but we have many dodgy switches that are linked to each other so it wont work just yet. It takes a while to get things sorted here in Thailand. It might be an option going forwards as well.
By eclass in forum Windows 7
Last Post: 14th November 2011, 08:00 PM
Last Post: 6th March 2007, 02:05 PM
By Disorder in forum Wireless Networks
Last Post: 31st January 2007, 10:19 PM
By NetworkGeezer in forum Windows
Last Post: 16th June 2006, 10:00 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)