https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143206#M562582 <P>Hello,</P><P>&nbsp;</P><P>On my switch, I have all the switchports configured with ISE- 802.X. My question is how can I secure the interfaces that belongs to a channel-group ? Someone can easily unplug the port and plug in any device, and since there is not security on the port that may allow the device to connect to the network.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Example:</P><P>SW-C3850#</P><P>interface GigabitEthernet1/0/48<BR />switchport access vlan 10<BR />switchport mode access<BR />channel-group 1 mode on<BR />spanning-tree portfast<BR />ip dhcp snooping trust<BR />end</P><P>&nbsp;</P><P>SW-C3850#</P><P>interface GigabitEthernet2/0/48<BR />switchport access vlan 10<BR />switchport mode access<BR />channel-group 1 mode on<BR />spanning-tree portfast<BR />ip dhcp snooping trust<BR />end</P><P>&nbsp;</P><P>Thanks !!!</P> Fri, 28 Aug 2020 17:58:46 GMT BigK 2020-08-28T17:58:46Z https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143206#M562582 <P>Hello,</P><P>&nbsp;</P><P>On my switch, I have all the switchports configured with ISE- 802.X. My question is how can I secure the interfaces that belongs to a channel-group ? Someone can easily unplug the port and plug in any device, and since there is not security on the port that may allow the device to connect to the network.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Example:</P><P>SW-C3850#</P><P>interface GigabitEthernet1/0/48<BR />switchport access vlan 10<BR />switchport mode access<BR />channel-group 1 mode on<BR />spanning-tree portfast<BR />ip dhcp snooping trust<BR />end</P><P>&nbsp;</P><P>SW-C3850#</P><P>interface GigabitEthernet2/0/48<BR />switchport access vlan 10<BR />switchport mode access<BR />channel-group 1 mode on<BR />spanning-tree portfast<BR />ip dhcp snooping trust<BR />end</P><P>&nbsp;</P><P>Thanks !!!</P> Fri, 28 Aug 2020 17:58:46 GMT https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143206#M562582 BigK 2020-08-28T17:58:46Z https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143245#M562583 <P>In terms of Security - we need to understand as below :</P> <P>&nbsp;</P> <P>1. Physical Security</P> <P>2. Network Security</P> <P>3. Layer Security ---so on</P> <P>&nbsp;</P> <P>If the Physical security breached - no one can help - it is a disaster - intruder can do anything.</P> <P>&nbsp;</P> <P>coming back to your question - This port is part of Port-channel - so what will happen when the end-user device connected?&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 28 Aug 2020 19:33:42 GMT https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143245#M562583 balaji.bandi 2020-08-28T19:33:42Z https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143307#M562586 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>&nbsp;</P><P>That is the question -<SPAN>&nbsp;what will happen when the end-user device is connected to one of these ports?&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks!</SPAN></P> Fri, 28 Aug 2020 22:18:49 GMT https://community.cisco.com/t5/network-access-control/ise-securing-witch-port-channel-interfaces/m-p/4143307#M562586 BigK 2020-08-28T22:18:49Z