Protect Ethernet ports on AP
Hey forum,
Is there a way to configure my Deco M9 Plus devices to "lock/protect" its Ethernet ports so that new connections are required to be authenticated/verified with a password or via the Deco app?
Cheers
- G
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thank you for your feedback.
I will note down this feature first and forward to the engineers later for further evaluation.
If anyone had the same request, it would be high appreciated if you could share more ideas about what you tend to achieve with it.
Thank you again.
- Copy Link
- Report Inappropriate Content
Thank you for the feedback.
May I know why do you wish an additional authentication for Ethernet connection?
Thank you again.
Best regards.
- Copy Link
- Report Inappropriate Content
I recently extended my working Unifi AP collection with an outdoor AP. I now realized that securing the switch port into which the AP is plugged is not as straightforward as I had initially assumed (without ever really thinking this through, admittedly):
-
While the AP itself nicely authenticates wireless devices (WPA2-PSK or WPA2-Enterprise, with VLANs assigned), it's LAN connection is pretty much available without any protection, offering untagged access to the management LAN and tagged access to VLANs.
-
Unlike outside cameras, I cannot lock down the port in the switch to a single MAC, because the AP is meant to provide access to various (a potentially unlimited number of) devices, each having their own MAC.
-
While Unifi APs can authenticate wirless clients via 802.1X, I haven't found an option to implement 802.1X authentication for the AP towards the switch.
So what is the best practice to "prevent" anyone from just unplugging the AP, plugging in a different device and then accessing the network?
Thanks!
- Copy Link
- Report Inappropriate Content
Hey @David-TP,
I would like authentication for Ethernet connections since I have a Deco device in a room which has a door to the outdoors which most of the time isn't locked. It feels a bit unsafe to have exposed Ethernet ports where anyone could get access to my internet... Although it is highly unlikely it would happen 😅
- Copy Link
- Report Inappropriate Content
Thank you for your feedback.
I will note down this feature first and forward to the engineers later for further evaluation.
If anyone had the same request, it would be high appreciated if you could share more ideas about what you tend to achieve with it.
Thank you again.
- Copy Link
- Report Inappropriate Content
Example of how securing Ethernet ports works in my HITRON CODA router.
That page not only allows to block unused ports, but also gives useful information for type of connections to active ports. This could be right place for Deco node to report speed and duplex of its Ethernet port connections.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 821
Replies: 5