Re: [Aironet] Thoughts about managing user access withOUT LEAP
Status: Inactive
Brought to you by:
breed
From: Marc H. <hu...@ca...> - 2001-05-25 20:08:59
|
----- Original Message ----- From: "Jim Veneskey" <jv...@ci...> To: "Dustin Goodwin" <dus...@ya...> Cc: <ai...@en...> Sent: Friday, May 25, 2001 11:43 AM Subject: Re: [Aironet] Thoughts about managing user access withOUT LEAP > On Thu, May 24, 2001 at 08:20:08PM -0700, Dustin Goodwin wrote: > > I would like to offer a number of users wlan access to > > my network. But I need to restrict access to only > > users that are authorized. I realize I could do this > > with SSID and WEP keys but the problem there being > > selectively deleting users without making everyone > > re-configure there wireless nic each time. Since LEAP > > is not available on most platforms I was considering > > the following. > > Actually, LEAP can be available on ALL platforms. In this case > the LEAP credentials are permanently stored on the card like a > WEP key. > I believe this is what is termed "hardware security" as opposed to > "user security"? > Cisco does not encourage "hardware security" since it is less secure than > having to type in your password every time - especially if the card is > stolen/lost... > Yes, our card can do "hardware security", but I'm not sure if we will be > releasing any utilities to enable it. That's a management/marketing decision. > > > Since I assume most access points act like normal > > bridge, in that each wlan client appears as it owns > > unique MAC address. If I setup a device (like a layer > > 3 router) inline between the ap and my network that > > can filter on MAC address I could restrict clients on > > per wlan nic basis. > > 1. Does this make any sense as poor mans per user > > access control scheme? > > Actually - yes it does. We are hoping to release new AP firmware > that just might do this next week ;-) > Note: we will of course encourage people to use LEAP over this... > > > 2. Do access points act birdge-like in the manner I > > describe? > > Yes - they are very bridge like... > > > 3. Do any wlan nic's allow user configurable mac > > address? > Lucent cards still do; at least under their windows utilities. --Marc Hudson > I believe we removed that functionality from our driver/utilities > but the firmware still allows it if configured properly... > > Jim > > > > Thanks in advance, > > - Dusitn - > > -- > | | Jim Veneskey > :|: :|: Software Test Engineer > :|||: :|||: 320 Springside Drive Suite 350, Akron OH 44333 > .:|||||||:..:|||||||:. Email: jv...@ci... > _______________________________________________ > Aironet mailing list - Ai...@cs... > http://csl.cse.ucsc.edu/mailman/listinfo/aironet > |