Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1838
Views
0
Helpful
3
Replies

centralized MAC control access

arianto.wibowo
Level 1
Level 1

‎02-17-2010 11:09 PM - edited ‎02-21-2020 03:52 AM

I have a LAN with several Cisco 3750 and 2950/60 Catalyst switch

I would like to deploy a centralized solution to control access to the LAN. I am thinking of having a centralized MAC address list of permitted hosts, any switch could check if a host is in the list in order to allow it to access the LAN. Is this possible with these switches? I would like to avoid manual deploying of individual configurations to the switches, it should be a centralized solution.

And it will be better without any authentication, so it's transparent to users like switchport port-security do.

Thanks
0 Helpful
3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎02-18-2010 03:17 AM 

I have a LAN with several Cisco 3750 and 2950/60 Catalyst switch
I
would like to deploy a centralized solution to control access to the
LAN. I am thinking of having a centralized MAC address list of
permitted hosts, any switch could check if a host is in the list in
order to allow it to access the LAN. Is this possible with these
switches? I would like to avoid manual deploying of individual
configurations to the switches, it should be a centralized solution.
And it will be better without any authentication, so it's transparent to users like switchport port-security do.
Thanks

Hi ,

There are mainly two types of VLANs used by campus area network: Port-based VLANs and MAC-based VLANs. The characteristics of MAC-based VLANs are illuminated and this type VLANs is the best choice in small range network because the MAC-based VLANs can provide secure and convenient application.

The configuration of VMPS server and VMPS client is implemented in detail, including creating VMPS database, configuring VMPS server and configuring dynamic ports on VMPS clients.

Check out the below link on more information, Hope that help !!

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html

If helpful do rate the post

Ganesh.H

0 Helpful

arianto.wibowo
Level 1
Level 1
In response to Ganesh Hariharan

‎02-18-2010 07:03 PM

Hi,

Thanks for your response.

But, is there any other possibilities ?

If it is implemented in large network (>500 devices), VMPS server will fully written by MAC only.

I have tried using ACS and dot1x scheme, it is work but need authentication every time user plug in to network.

Any other option ??

thanks

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to arianto.wibowo

‎02-22-2010 12:26 AM 

Hi,
Thanks for your response.
But, is there any other possibilities ?
If it is implemented in large network (>500 devices), VMPS server will fully written by MAC only.
I have tried using ACS and dot1x scheme, it is work but need authentication every time user plug in to network.
Any other option ??
thanks

Hi,

Yes you are right ACS with 802.1x is the power ful layer 2 authentication protocol which always works when you connect a cable to ethrenet port or port goes up/down state and it is the best way for security state and i dont think apart from VMPS any other option.

HTH

Ganesh.H

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card