Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1746
Views
0
Helpful
2
Replies

Vlan security development

begnatoff
Beginner
Beginner

‎07-09-2009 09:16 PM

I wanted to get opinions on an idea I had for port security. Port security is great, but when rolling out large projects it can be a tedious job entering in all those MAC addresses.

Can Cisco look into the possibility of creating a new feature called 'VLAN/PORT Security groups'. Within the groups admins could list chuncks of MAC addresses that are allowed/disallowed on a particular vlan.

It would have the same violation rule set as port-security.

Configuration under interface would look similar to this:

port-security address group 1

Labels:
0 Helpful
2 Replies 2

Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend

‎07-11-2009 05:27 AM

Network Admission Control

0 Helpful

Collin Clark
Advisor
Advisor

‎07-17-2009 11:33 AM

Check out 802.1x Port Authentication. You use back end RADIUS servers for port authentication (end users) and you can setup static MACs for stuff like servers and printers. No need for MAC address configuration on the switches, but you will need certs and RADIUS servers and maybe a supplicant on the host. The nice thing is, you can move PC's anywhere in the company and they will work! Put a vendor PC on the network and it gets thrown into a dmz where they only get internet access.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Quick Links
Discussions
Customers Also Viewed These Support Documents