https://community.hpe.com/t5/switches-hubs-and-modems/5300-security/m-p/3918208#M10019 Currently we have 802.1x for our wireless. We need to have security for our wired ports. We are a school district with 24k students and two network folks. <BR />what would be the best security to invoke on the 5300's? By best I mean one that would cause the least distruption to the end users and (hopefully) less calls to the help desk. <BR />802.1x has the most hope but is an issue with the supplicant and configuration (not enough manpower).<BR />We were looking at port security also. If I read the manual correctly, my options on the port will be to either be notified (not timely enough) or have the port disabled (many disgruntled users). I was hoping to block unwanted traffic while permitting authorized users to continue to work...<BR />Thanks Wed, 27 Dec 2006 16:37:33 GMT Greg Askew 2006-12-27T16:37:33Z https://community.hpe.com/t5/switches-hubs-and-modems/5300-security/m-p/3918208#M10019 Currently we have 802.1x for our wireless. We need to have security for our wired ports. We are a school district with 24k students and two network folks. <BR />what would be the best security to invoke on the 5300's? By best I mean one that would cause the least distruption to the end users and (hopefully) less calls to the help desk. <BR />802.1x has the most hope but is an issue with the supplicant and configuration (not enough manpower).<BR />We were looking at port security also. If I read the manual correctly, my options on the port will be to either be notified (not timely enough) or have the port disabled (many disgruntled users). I was hoping to block unwanted traffic while permitting authorized users to continue to work...<BR />Thanks Wed, 27 Dec 2006 16:37:33 GMT https://community.hpe.com/t5/switches-hubs-and-modems/5300-security/m-p/3918208#M10019 Greg Askew 2006-12-27T16:37:33Z https://community.hpe.com/t5/switches-hubs-and-modems/5300-security/m-p/3918209#M10020 For the (most probably unmanaged) 24k users network I would recommend not 802.1X solution. The real pain is administering 802.1X on the unmanaged computers.<BR /><BR />Try to look toward in-line NAC solutions optimized for unmanaged environments (like agent-less assessment and optional agent deployment). There are a lot on the market now.<BR /><BR />There is also _VERY GOOD_ freeware solution <A href="http://www.packetfence.org/" target="_blank">http://www.packetfence.org/</A> Last one is constantly developing by a several big universities for internal use and also posted to the public domain.<BR />PacketFence is really _BEST_ (easy install, easy GUI, nice reports, etc.) Fri, 29 Dec 2006 03:37:19 GMT https://community.hpe.com/t5/switches-hubs-and-modems/5300-security/m-p/3918209#M10020 Sergej Gurenko 2006-12-29T03:37:19Z