If I wanted to protect a PA850 from unknown devices connecting.
so 1 port to the local ISP.
6 ports for laptops to directly connect.
How / what is the best way to make sure only pre defined laptops can connect.
Mac filtering ??? Think that is easily by passed
802.11x - how easily is it to manage
what other option do I have.
GP - I want to run GP any way. and there might be a device - printer or non GP enabled device I want to connect
802.11x is easy to administer once you have it setup and configured, but not something that I would do for 6 devices.
GP, Mac Filtering, or user-id would honestly be what I would recommend in such a small location. GP is going to be what I would consider your most secure option as long as you configure it via certificate based authentication. Mac-Filtering is a reasonable security filter, but its not without its shortcomings and it can be bypassed, and lastly user-id through Exchange or your Domain Controller verifies that the end-user is verified but doesn't do anything to ensure that the device itself is necessarily the one you want.
Sounds like with your reservations towards MAC filtering you're kind of left with either a very small 802.11x deployment, or simply enforcing a GP connection for network access and doing authentication based off of machine certificate. That verifies that the device itself is the device you expect it to be and that the user has access to the device in question.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!