1

We are looking at implementing 802.1x on a wired/wireless network. What I am looking for is a device that can act as a supplicant and once authenticated on the network, is able to pass traffic from any downstream connected device.

The point of doing this would be to allow a properly pre-configured device to be provided to a client user who could then connect any device on the downstream side of the device. We will be able to manage the aggregate traffic on the device without concern for what is connected on the far side.

Am I dreaming, does every device out there support this and I just don't know it, or does reality fall somewhere in the middle?

Allan Ross
  • Why not just set a particular port to not require authentication and plug a switch or whatever into that? – Chris S Dec 01 '10 at 19:46

2 Answers

0

Probably. Assuming I've understood you correctly,

You're wanting to connect clients wired or wirelessly to your network and control their access into your network? You're not wanting to have to bother about what they connect onto that network.

Well, if that's the case, I haven't used 802.1x to achieve this. What I do is just install DD-WRT onto a router and connect that to the network. As it has a built-in firewall, I can do any filtering required on the device, which will apply to all users connected to it.

If it's a remote office, no problem. I set up a VPN tunnel using DD-WRT's OpenVPN client. The effect is the same.

If it's a remote office and they have their own WAN and you need devices on the downstream side to access services inside your network, then you can use static routes on the DD-WRT router for those specific addresses to go through your VPN, otherwise out the normal network gateway.

So, if that's what you're after then I can recommend you find yourself a router that can run DD-WRT and have a play with it. They advertise good support for Buffalo routers. Best of all, DD-WRT is free.

Just confirmed: DD-WRT can authenticate using RADIUS. Although I've not used it, an ex-colleague tells me that it works really well. So yes, if you're looking for a device, any router capable of running DD-WRT or OpenWrt will probably do the job.

hookenz
0

You don't need any "devices". All you need is an edge switch that is able to handle 802.1x (RADIUS).

After the system is authenticated to the switch via 802.1x/RADIUS, you can use the MAC address/IP address to handle the traffic that is going to the device.

There are also switches that can handle the traffic-shaping option, but they are a lot more expensive.

KR,

Gromit

gromit