Wednesday, October 22, 2008

DHCP Authentication With Dot1x

How do you secure a LAN so that a rogue laptop/PC does not get an IP address from the DHCP server? It is a big question mark: possible on wireless media, but what about wired media? The same question was put to me a few days back, and my instant response was that DHCP did not support authentication. But I replied that we can use dot1x for the wired media.
So I set up a test lab with one of my colleagues and installed a domain controller with RADIUS. We used the dot1x mechanism to authenticate the PCs/laptops; after 2 days of testing we got positive results.

1. Gets rid of man-in-the-middle attacks.
2. Dictionary attacks can be stopped with this.
3. Security of the LAN: no one will get an IP address unless he/she has a domain username and password.

I am writing a document on this. If someone needs it on an urgent basis, kindly mail me.

Galiakot said...

Hi Shivlu,
I need this document to implement this for one of my customers; can you please post it?
I have subscribed to your blog, so I will be updated.

Rakesh said...

Basically, dot1x authentication is port-based authentication at L2. All you need is a switch and a RADIUS server.

I configured and tested the dot1x implementation over the wired traffic.

But wireless is not so different.
Nice to see your blog.

Mèo Con said...

Hi,

Can I have your document? I want to configure this for my company; could you please send me a guide for this?

Much appreciated.