Wednesday, October 22, 2008

DHCP Authentication With Dot1x

How to secure lan so that any rougue laptop/pc donot get the ip address fom the dhcp, a big question mark, but possible in wireless media but what about wired media. Same question was asked to me few days back and my instant response was dhcp did not support authentication. But I replied we can use the dot 1x for the wired media.
So i started out my testing lab with one of my colleague and installed domain controller with radius. We use the dot1x mechanism to authenticate the pc/laptops; After 2 days testing we got the positive results.

1. Get rid form the man in middle attack.
2. Dictionary attacks can be stopped with this.
3. Security of Lan; No one will get the ip address until and unless he/she is having domain username & password.

I am writing document on this, If someone need on urgent basics kindly mail me.

People who read this post also read :


irshad said...

Hi friend

I'm Irshad. Randomly browsing the good blogs, I went to yours. Truly speaking, I'm here to promote my innovations, my services, my links.
Well, I'm a 20-something guy running a 2-years old creative technology company, SkoolsOnline Technologies. Literally, as the name suggests, we are focussed on Education but our primary aim is to help Start-Ups acheive their goals, their dreams with the help of services and those of our alliances.

We're into Creative branding, Applications development, Data mining, Online promotion and content development. All with an innovative edge and focussed on Start-Ups. Why dont you visit our site, and have a look yourself. Perhaps, we could of any help to you.

Honestly, it's a spam! But I hope it doesn' matter much to you. In fact, It's a good addition to your comments. Well, it's upto you if you accept it or not.
Many thanks buddy.

Ahmed Gadi said...

Hi Shivlu,
I need this document to implement to one of my customer, can you please post it.
I have subscribed to ur blog, so i will be updated.

Rakesh said...

basically dot1x authentication is the port based authentication on L2. all you need is a switch and a radius server.

I configured and tested the dot1x implementation over the wired traffic.

But wireless is not so different.
nice to see your blog.

Mèo Con said...

HI ,

Can i have your document, i want to config for my company, please could you please send me a guide for this.

So appreciate.