topic Re: Authenticating trunk ports? in Network Access Control https://community.cisco.com/t5/network-access-control/authenticating-trunk-ports/m-p/1628686#M295982 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I would suggest the following:</P><P></P><P>&gt;&gt; Arrange for some physical enclosure (locked) or&nbsp; any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What is someone just switches of your switches? DOS attack!! This could also be done by mistake, resulting in an unstructred threat.</P><P></P><P>&gt;&gt; Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.</P><P></P><P>&gt;&gt; Change the NATIVE VLAN from the default (VLAN 1)</P><P></P><P>&gt;&gt; Disable Trunk negotiation (ON mode)</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sun, 20 Feb 2011 07:50:56 GMT Farrukh Haroon 2011-02-20T07:50:56Z Authenticating trunk ports? https://community.cisco.com/t5/network-access-control/authenticating-trunk-ports/m-p/1628685#M295974 <P>Hi all,</P><P></P><P>Perhaps a stupid question but I find myself unable to find a satisfying answer.</P><P></P><P>We have a couple of 3560 switches, all connected to 3750 stack. One&nbsp; of those 3560 switches is in a semi-open place place and I have been&nbsp; asked if that could be considered a security risk. Of course, it being&nbsp; in an open place is a risk, but if someone where to unplug the trunk&nbsp; connection to our stack and then plug it in another switch, what would&nbsp; happen?</P><P></P><P>Should/could we authenticate trunk ports/channel-groups? I have all switches configured to authenticate ssh login and network (mac based) against a radius server, but I have not configured authentication on the trunk ports as I have found descriptions that dot1x cannot be enabled on trunk ports.</P><P></P><P>Thanks in advance</P><P></P><P>Chris</P> Mon, 11 Mar 2019 00:49:57 GMT https://community.cisco.com/t5/network-access-control/authenticating-trunk-ports/m-p/1628685#M295974 CSchaatsbergen 2019-03-11T00:49:57Z Re: Authenticating trunk ports? https://community.cisco.com/t5/network-access-control/authenticating-trunk-ports/m-p/1628686#M295982 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I would suggest the following:</P><P></P><P>&gt;&gt; Arrange for some physical enclosure (locked) or&nbsp; any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What is someone just switches of your switches? DOS attack!! This could also be done by mistake, resulting in an unstructred threat.</P><P></P><P>&gt;&gt; Enable monitoring for these switches (ICMP,SNMP) so that you are alerted when they are unplugged.</P><P></P><P>&gt;&gt; Change the NATIVE VLAN from the default (VLAN 1)</P><P></P><P>&gt;&gt; Disable Trunk negotiation (ON mode)</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sun, 20 Feb 2011 07:50:56 GMT https://community.cisco.com/t5/network-access-control/authenticating-trunk-ports/m-p/1628686#M295982 Farrukh Haroon 2011-02-20T07:50:56Z