-2

I want to secure my computer network, and I want to implement some mechanism that prevents an unauthorized PC from connecting to my servers (without filtering by MAC or IP, which is very weak). My network has many unmanaged L2 switches that obviously do not support 802.1x Port Authentication. I have a firewall between my servers and those switches to prevent attacks, and I want to implement 802.1x Port Authentication in software on that server, which runs Debian Linux. Is this possible?

1 Answer

1

It's perfectly possible, but will require you rechecking some assumptions.

Since 802.1x is not available (because your hardware doesn't support it) and you (rightly) don't regard MAC address controls as sufficient, you cannot assume that presence on the network signifies right-to-access. Instead, connect the servers to a different, trusted network, and run a VPN on top of the client network; this will both require that clients prove their bona fides before being able to access the server network, and protect client-server traffic from malicious operators on the untrusted client network.

I do it on my small-office wifi; instead of providing separate guest and employee wifi, we run a single wifi, then use OpenVPN to enable trusted clients to access the protected office wireline network.

MadHatter
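The firewall side of the design described in the answer, as an added example that is not part of the original post: an nftables ruleset for the Debian firewall in which the untrusted client LAN can reach only the OpenVPN endpoint, and only traffic arriving through the tunnel is forwarded to the servers. The interface names (`eth0`, `eth1`, `tun0`), the SSH rule and UDP port 1194 (OpenVPN's default) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Assumed interface names (not from the original post):
#   eth0 = untrusted client LAN behind the unmanaged switches
#   eth1 = trusted server network
#   tun0 = OpenVPN tunnel interface on this firewall
flush ruleset

define CLIENT_IF = "eth0"
define SERVER_IF = "eth1"
define VPN_IF    = "tun0"
define VPN_PORT  = 1194

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # The only service offered to the untrusted LAN is the VPN endpoint.
        # Client identity is proven inside OpenVPN, not by MAC or IP.
        iifname $CLIENT_IF udp dport $VPN_PORT accept

        # Assumed admin access: SSH only from the tunnel or the server side.
        iifname { $VPN_IF, $SERVER_IF } tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Authenticated VPN clients may open connections to the servers.
        iifname $VPN_IF oifname $SERVER_IF accept

        # Anything from the raw client LAN aimed at the servers is logged
        # and dropped, so hosts that skip the VPN show up in the kernel log.
        iifname $CLIENT_IF oifname $SERVER_IF log prefix "novpn-drop: " counter drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

IP forwarding (`net.ipv4.ip_forward=1`) must be enabled on the firewall for the tunnel-to-server rule to carry traffic.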