Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP printing with secure wired port

  • 1.  RAP printing with secure wired port

    Posted Oct 08, 2014 11:54 AM

    We are looking for a way to support wired network printers through a RAP with secured ports. I currently have our RAPs configured with 802.1x auth on the wired ports and it's working fine with Windows PCs, but I can't find a printer that supports 802.1x through a wired port. We don't want to broadcast our wireless to the remote user. Management doesn't want to use MAC auth because they are afraid it can be spoofed easily.

    Anyone have any suggestions?

    Thanks.



  • 2.  RE: RAP printing with secure wired port

    EMPLOYEE
    Posted Oct 08, 2014 11:55 AM

    The only option is to use MAC-auth in this case.



  • 3.  RE: RAP printing with secure wired port

    EMPLOYEE
    Posted Oct 09, 2014 03:22 AM

    You are probably correct when stating that MAC addresses are easily spoofed. What may help in such a situation is to use the role-based firewall to limit network access to the required minimum.

    For a network printer, this may be only DHCP, as no other traffic from the printer to the network is required typically.

    You can create a new role for your printer, with such strict firewalling rules, and assign that during the MAC authentication.

    If you have ClearPass, you can use profiler to even get more information and fingerprint the device (and block it as soon as it shows to be another device than a printer).

    From a security view, I consider MAC authentication a convenience feature that can be circumvented. Strict security controls in the firewall limit the impact.
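
Added example, not part of any post in this thread and not Aruba or ClearPass code: a Python sketch of the idea in reply 3, where a MAC-authenticated printer role is default-deny apart from DHCP and any MAC in that role that keeps attempting other traffic is flagged as probably not a printer. The log format, role names, allowlist and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: the printer role permits only DHCP client traffic (udp/67),
# the minimum suggested in the thread. Extend to what your printers need.
ROLE_ALLOW = {"printer": {("udp", 67)}}

# Constructed log lines in a made-up key=value format (not controller output).
SAMPLE_LOG = """\
mac=00:11:22:aa:bb:01 role=printer proto=udp dport=67
mac=00:11:22:aa:bb:02 role=printer proto=udp dport=67
mac=00:11:22:aa:bb:02 role=printer proto=tcp dport=445
mac=00:11:22:aa:bb:02 role=printer proto=tcp dport=3389
mac=00:11:22:aa:bb:03 role=employee proto=tcp dport=443
garbage line
"""

LINE_RE = re.compile(
    r"mac=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) role=(?P<role>\S+) "
    r"proto=(?P<proto>tcp|udp) dport=(?P<dport>\d+)$", re.I)

def parse(log):
    """Yield (mac, role, proto, dport) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["mac"].lower(), m["role"], m["proto"].lower(), int(m["dport"])

def verdict(role, proto, dport):
    """Default deny for restricted roles; roles not listed are out of scope."""
    if role not in ROLE_ALLOW:
        return "n/a"
    return "permit" if (proto, dport) in ROLE_ALLOW[role] else "deny"

def suspects(log, threshold=2):
    """MACs in a restricted role with at least `threshold` denied flows: the
    device behind the MAC is not behaving like the device the role is for."""
    denied = Counter(mac for mac, role, proto, dport in parse(log)
                     if verdict(role, proto, dport) == "deny")
    return sorted(mac for mac, n in denied.items() if n >= threshold)

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```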