03-11-2021 05:38 AM
IOS and XE switches doesn't seem to support 802.1x on etherchannel interfaces. What is the best practice/recommendation to secure these ports (etherchannel interfaces) to stop someone from plugging in unauthorized devices?
Solved! Go to Solution.
03-11-2021 01:07 PM
@Madura Malwatte wrote:
IOS and XE switches doesn't seem to support 802.1x on etherchannel interfaces.
Etherchannel ports should never support 802.1x.
@Madura Malwatte wrote:
What is the best practice/recommendation to secure these ports (etherchannel interfaces) to stop someone from plugging in unauthorized devices?
Most important is if any person can physically access the access switches then it is "game over".
Lock the cabinets down to stop people from unpatching ethterchannel connection(s) to other ports. Put CCTV to make sure people are identified correctly.
03-11-2021 06:07 AM
I think you can use a switch-port security by static/sticky mac address learning.
But only, when port isn't trunk but access.
If someone plug in with wrong mac adress, port should be disabled.
Other config to apply should be MACsec.
03-11-2021 01:07 PM
@Madura Malwatte wrote:
IOS and XE switches doesn't seem to support 802.1x on etherchannel interfaces.
Etherchannel ports should never support 802.1x.
@Madura Malwatte wrote:
What is the best practice/recommendation to secure these ports (etherchannel interfaces) to stop someone from plugging in unauthorized devices?
Most important is if any person can physically access the access switches then it is "game over".
Lock the cabinets down to stop people from unpatching ethterchannel connection(s) to other ports. Put CCTV to make sure people are identified correctly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide