https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413223#M923835 <HTML><HEAD></HEAD><BODY><DIV class="jive-rendered-content"><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>I have a LAN with several Cisco 3750 and 2950/60 Catalyst switch</P><DIV class="qBodyLoggedOut" id="EchoTopic">I would like to deploy a centralized solution to control access to the LAN. I am thinking of having a centralized MAC address list of permitted hosts, any switch could check if a host is in the list in order to allow it to access the LAN. Is this possible with these switches? I would like to avoid manual deploying of individual configurations to the switches, it should be a centralized solution.</DIV><P>And it will be better without any authentication, so it's transparent to users like switchport port-security do.</P><P></P><DIV class="qBodyLoggedOut">Thanks</DIV></PRE></DIV><P></P><P>Hi ,</P><P></P><P>There are mainly two types of VLANs used by campus area network: Port-based VLANs and MAC-based VLANs. The characteristics of MAC-based VLANs are illuminated and this type VLANs is the best choice in small range network because the MAC-based VLANs can provide secure and convenient application.</P><P></P><P>The configuration of VMPS server and VMPS client is implemented in detail, including creating VMPS database, configuring VMPS server and configuring dynamic ports on VMPS clients.</P><P></P><P>Check out the below link on more information, Hope that help !!</P><P></P><P><A class="jive-link-external-small" href="http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html">http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html</A></P><P></P><P>If helpful do rate the post</P><P></P><P>Ganesh.H</P></BODY></HTML> Thu, 18 Feb 2010 11:17:48 GMT Ganesh Hariharan 2010-02-18T11:17:48Z https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413222#M923834 <P>I have a LAN with several Cisco 3750 and 2950/60 Catalyst switch</P><DIV class="qBodyLoggedOut" id="EchoTopic">I would like to deploy a centralized solution to control access to the LAN. I am thinking of having a centralized MAC address list of permitted hosts, any switch could check if a host is in the list in order to allow it to access the LAN. Is this possible with these switches? I would like to avoid manual deploying of individual configurations to the switches, it should be a centralized solution.</DIV><P>And it will be better without any authentication, so it's transparent to users like switchport port-security do.</P><P></P><DIV class="qBodyLoggedOut">Thanks</DIV> Fri, 21 Feb 2020 11:52:56 GMT https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413222#M923834 arianto.wibowo 2020-02-21T11:52:56Z https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413223#M923835 <HTML><HEAD></HEAD><BODY><DIV class="jive-rendered-content"><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>I have a LAN with several Cisco 3750 and 2950/60 Catalyst switch</P><DIV class="qBodyLoggedOut" id="EchoTopic">I would like to deploy a centralized solution to control access to the LAN. I am thinking of having a centralized MAC address list of permitted hosts, any switch could check if a host is in the list in order to allow it to access the LAN. Is this possible with these switches? I would like to avoid manual deploying of individual configurations to the switches, it should be a centralized solution.</DIV><P>And it will be better without any authentication, so it's transparent to users like switchport port-security do.</P><P></P><DIV class="qBodyLoggedOut">Thanks</DIV></PRE></DIV><P></P><P>Hi ,</P><P></P><P>There are mainly two types of VLANs used by campus area network: Port-based VLANs and MAC-based VLANs. The characteristics of MAC-based VLANs are illuminated and this type VLANs is the best choice in small range network because the MAC-based VLANs can provide secure and convenient application.</P><P></P><P>The configuration of VMPS server and VMPS client is implemented in detail, including creating VMPS database, configuring VMPS server and configuring dynamic ports on VMPS clients.</P><P></P><P>Check out the below link on more information, Hope that help !!</P><P></P><P><A class="jive-link-external-small" href="http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html">http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html</A></P><P></P><P>If helpful do rate the post</P><P></P><P>Ganesh.H</P></BODY></HTML> Thu, 18 Feb 2010 11:17:48 GMT https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413223#M923835 Ganesh Hariharan 2010-02-18T11:17:48Z https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413224#M923836 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Thanks for your response.</P><P>But, is there any other possibilities ?</P><P>If it is implemented in large network (&gt;500 devices), VMPS server will fully written by MAC only.</P><P>I have tried using ACS and dot1x scheme, it is work but need authentication every time user plug in to network.</P><P>Any other option ??</P><P></P><P>thanks</P></BODY></HTML> Fri, 19 Feb 2010 03:03:14 GMT https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413224#M923836 arianto.wibowo 2010-02-19T03:03:14Z https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413225#M923838 <HTML><HEAD></HEAD><BODY><DIV class="jive-rendered-content"><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>Hi,</P><P>Thanks for your response.</P><P>But, is there any other possibilities ?</P><P>If it is implemented in large network (&gt;500 devices), VMPS server will fully written by MAC only.</P><P>I have tried using ACS and dot1x scheme, it is work but need authentication every time user plug in to network.</P><P>Any other option ??</P><P></P><P>thanks</P></PRE></DIV><P>Hi,</P><P></P><P>Yes you are right ACS with 802.1x is the power ful layer 2 authentication protocol which always works when you connect a cable to ethrenet port or port goes up/down state and it is the best way for security state and i dont think apart from VMPS any other option.</P><P></P><P>HTH</P><P></P><P>Ganesh.H</P></BODY></HTML> Mon, 22 Feb 2010 08:26:32 GMT https://community.cisco.com/t5/network-security/centralized-mac-control-access/m-p/1413225#M923838 Ganesh Hariharan 2010-02-22T08:26:32Z