[c-nsp] Restrict PC to 1 wired network

Alex K. nsp.lists at gmail.com
Sun Oct 19 06:52:16 EDT 2014


Hello list,



I'm looking for a way to force a Windows end-station to connect to a
certain (permitted) wired network ONLY!



Halfway to achieving such a restriction would be (in my opinion) to use some
form of 802.1x (say EAP-TLS) so the PC will be able to recognize that
*permitted* network – BUT, and that is where the problem lies, what will make
Windows stop at this point?



Let me illustrate this with the following example – assume I set up a
wireless network protected by EAP-TLS. Now, each time a user connects, the
network gets authenticated. Any other PC not provided by me (and which therefore
doesn’t have the PKI means of authenticating itself to the network) will
obviously not connect to that SSID. But – as we all know, basically
that PC *will be able to connect* to any other SSID and that's exactly what
I'm trying to prevent.



Now, in the realm of Wi-Fi, group policy can restrict the PC to only 1 SSID
and prevent the user from changing it. But, how can you prevent a PC from
proceeding with DHCP etc. after dot1x failed to authenticate?



Any ideas will be welcomed.

