uplink endpoint

suthomas1 — Mon, 09 Aug 2021 14:50:31 GMT

Good day,

Apart from ISE taking care of endpoint security, can it be used by any means to secure switch uplink ports or ports where servers may be connected.

Thank you.

Re: uplink endpoint

balaji.bandi — Mon, 09 Aug 2021 15:41:09 GMT

yes can be done profiling using ISE. ( you can segment Server connected ports).

Re: uplink endpoint

Greg Gibbs — Mon, 09 Aug 2021 22:42:55 GMT

What kind of security are you looking to provide for uplink ports? NAC is mainly intended to secure switchport connections that are patched out to the floor and accessible from common users (or threat actors that gain access to the floor). It is not intended to provide security for switch uplinks that are typically physically secured behind locked doors in a comms room.

Server operating systems typically have limited support for active authentication protocols like 802.1x, so you're limited to using MAC-based authentication (which is easily spoofed). Profiling might be possible, but servers do not typically provide much unique information to the network that can be used by profiling to provide any effective level of security. I normally recommend customers move any servers they have on the floor to a virtual environment that cannot easily be physically accessed by a normal user or threat actor.

topic uplink endpoint in Network Access Control

uplink endpoint

Re: uplink endpoint

Re: uplink endpoint