Wireless Access

Reply
Occasional Contributor II
Posts: 23
Registered: ‎07-21-2011

RAP printing with secure wired port

We are looking for a way to support wired network printers through a RAP with secured ports. I currently have our RAP's configured with 802.1x auth on the wired ports and it's working fine with Windows PC's, but I can't find a printer that supports 802.1x through a wired port. We don't want to broadcast our wireless to the remote user. Management doesn't want to use MAC auth because they are afraid it can be spoofed easily.

 

Anyone have any suggestions?

 

Thanks.

ACMP - Feb 2014
Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: RAP printing with secure wired port

The only option is to use MAC-auth in this case.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 467
Registered: ‎11-04-2011

Re: RAP printing with secure wired port

You are probably correct when stating that MAC addresses are easily spoofed. What may help in such a sitiuation is to use the role-based firewall to limit network access to the required minimum.

 

For a network printer, this may be only DHCP, als no other traffic from the printer to the network is required typically.

 

You can create a new role for you printer, with such strict firewalling rules, and assign that during the MAC authentication.

 

If you have ClearPass, you can use profiler to even get more information and fingerprint the device (and block it as soon as is shows to be another device than a printer).

 

From a security view, I consider MAC authentication a convenience feature that can be circumvented. Strict security controls in the firewall limit the impact.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Search Airheads
Showing results for 
Search instead for 
Did you mean: