Protect Ethernet ports on AP

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Protect Ethernet ports on AP

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Protect Ethernet ports on AP
Protect Ethernet ports on AP
2022-03-14 15:38:06 - last edited 2022-03-16 08:37:35
Model: Deco M9 Plus  
Hardware Version:
Firmware Version:

Hey forum,

 

Is there a way to configure my Deco M9 Plus devices to "lock/protect" its Ethernet ports so that new connections are required to be authenticated/verified with a password or via the Deco app?

 

Cheers

- G

  2      
  2      
#1
Options
1 Accepted Solution
Re:Protect Ethernet ports on AP-Solution
2022-03-16 06:42:39 - last edited 2022-03-16 08:37:35

  @grimmbraten  SuomyNonaPatri

Thank you for your feedback.

I will note down this feature first and forward to the engineers later for further evaluation.

If anyone had the same request, it would be high appreciated if you could share more ideas about what you tend to achieve with it.

Thank you again.

 

Recommended Solution
  1  
  1  
#5
Options
5 Reply
Re:Protect Ethernet ports on AP
2022-03-15 03:34:33

  @grimmbraten 

Thank you for the feedback.

May I know why do you wish an additional authentication for Ethernet connection?

Thank you again.

Best regards.

  0  
  0  
#2
Options
Re:Protect Ethernet ports on AP
2022-03-15 07:44:32

I recently extended my working Unifi AP collection with an outdoor AP. I now realized that securing the switch port into which the AP is plugged is not as straightforward as I had initially assumed (without ever really thinking this through, admittedly):

  • While the AP itself nicely authenticates wireless devices (WPA2-PSK or WPA2-Enterprise, with VLANs assigned), it's LAN connection is pretty much available without any protection, offering untagged access to the management LAN and tagged access to VLANs.

  • Unlike outside cameras, I cannot lock down the port in the switch to a single MAC, because the AP is meant to provide access to various (a potentially unlimited number of) devices, each having their own MAC.

  • While Unifi APs can authenticate wirless clients via 802.1X, I haven't found an option to implement 802.1X authentication for the AP towards the switch.

So what is the best practice to "prevent" anyone from just unplugging the AP, plugging in a different device and then accessing the network?

Thanks!

  2  
  2  
#3
Options
Re:Protect Ethernet ports on AP
2022-03-15 09:53:18

Hey @David-TP,

 

I would like authentication for Ethernet connections since I have a Deco device in a room which has a door to the outdoors which most of the time isn't locked. It feels a bit unsafe to have exposed Ethernet ports where anyone could get access to my internet... Although it is highly unlikely it would happen 😅

  2  
  2  
#4
Options
Re:Protect Ethernet ports on AP-Solution
2022-03-16 06:42:39 - last edited 2022-03-16 08:37:35

  @grimmbraten  SuomyNonaPatri

Thank you for your feedback.

I will note down this feature first and forward to the engineers later for further evaluation.

If anyone had the same request, it would be high appreciated if you could share more ideas about what you tend to achieve with it.

Thank you again.

 

Recommended Solution
  1  
  1  
#5
Options
Re:Protect Ethernet ports on AP
2022-03-16 14:39:52 - last edited 2022-03-16 14:40:31

  @grimmbraten 

 

Example of how securing Ethernet ports works in my HITRON CODA router.

 

 

That page not only allows to block unused ports, but also gives useful information for type of connections to active ports. This could be right place for Deco node to report speed and duplex of its Ethernet port connections.

  3  
  3  
#6
Options