[c-nsp] Ethernet Authentication

Matt Stockdale mstockda at logicworks.net
Fri Jun 30 17:46:30 EDT 2006


Well, it's not uncommon to require residential customers to touch bases
with you when their MAC address changes. Of course, these days,
linksys/dlink/netgear toys are a dime a dozen, and with the MAC cloning
features, they can ease the transition in addition to providing some
much-needed security. 

Whichever method you pick, I think your best bet will be just to bite
the bullet and do it now, before you have 800 customers. Be sure to
liquor up your helpdesk before you break it to them, you should be able
to make it safely away.

Good luck,

Matt



On Fri, 2006-06-30 at 17:36 -0400, Paul Stewart wrote:
> Hehehee... Yeah pretty much... :)  It would involve tracking down over
> 400 customers at this point and wouldn't go over well.  My "backup" plan
> is to implement PPPOE across these systems but was hoping for a more
> "transparent" way of doing it that doesn't involve customers configuring
> a dialer type interface to get on the Internet....
> 
> Yes, just bridges....
> 
> Thanks,
> 
> Paul
>  
> 
> -----Original Message-----
> From: Matt Stockdale [mailto:mstockda at logicworks.net] 
> Sent: Friday, June 30, 2006 5:33 PM
> To: Paul Stewart
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Ethernet Authentication
> 
> Are the radio's just bridges? I'm guessing these are residential/small
> office type customers, and you are thinking that your helpdesk will kill
> you just as dead if they have to call up a bunch of civilians and
> explain to them that even though their PC isn't from Apple, that it does
> in fact have a MAC address, and can they please give it to you?
> 
> Matt
> 
> 
> On Fri, 2006-06-30 at 17:28 -0400, Paul Stewart wrote:
> > Thanks... Unfortunately we have no way to track the user's MAC and it 
> > can change of course....
> > 
> > Paul Stewart
> > Network Administrator
> > Nexicom Inc.
> > http://www.nexicom.net/
> > 
> > -----Original Message-----
> > From: Matt Stockdale [mailto:mstockda at logicworks.net]
> > Sent: Friday, June 30, 2006 5:24 PM
> > To: Paul Stewart
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Ethernet Authentication
> > 
> > centralize the DHCP server and have the 2621 relay the request? You 
> > should be able to track users as long as you know their MAC.
> > 
> > http://www.cisco.com/en/US/products/ps6350/products_configuration_guid
> > e_
> > chapter09186a00804412bf.html
> > 
> > Matt
> > 
> > On Fri, 2006-06-30 at 15:31 -0400, Paul Stewart wrote:
> > > The subject may not be the right description but I'm trying to find 
> > > a way to authenticate a bunch of fixed-wireless customers
> currently...
> > > 
> > > Here's my scenario:
> > > 
> > > Remote POP with Cisco 2621 and Cisco 2924 or 2950 switch.  At the 
> > > remote POP, Motorola Canopy or Trango fixed wireless customers are 
> > > connected into the switch.  The Cisco 2621 provides DHCP to anyone 
> > > connected as the Motorola and Trango both do their own proprietary 
> > > radio authentication.
> > > 
> > > The problem is that once the radio authenticates, then the end user 
> > > computer gets an IP from the 2621 and they surf.  This is great 
> > > until you want to know who is on which IP address etc.  Obviously 
> > > moving the
> > 
> > > customers to PPPOE would work well, but that's a major change 
> > > especially on one site where we might have to change 150-180 users 
> > > at once (our helpdesk would shoot me lol)
> > > 
> > > Ideally, what I'd like to know if it's possible is some kind of 
> > > authentication via a web browser linked to our existing Radius.  Is 
> > > there a way to do this in IOS and/or 3rd party?  I was thinking of 
> > > 802.x but all these customers connect across the same ethernet port 
> > > in
> > 
> > > most locations (or a few ports)...
> > > 
> > > Thanks again to the list for your help...appreciate it...
> > > 
> > > Paul Stewart
> > > Network Administrator
> > > Nexicom Inc.
> > > http://www.nexicom.net/
> > > 
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > 
> > 
> 


More information about the cisco-nsp mailing list