
L2 Access control to protect from un-authorised access to the LAN

Hi,

I have a site where I need to control L2 access to the LAN. What options are available? Can you give me some pointers, please?

The site is remote, with MPLS to the site. A maximum of 15 permanent users and 10 company visitors need access to the LAN. It is already live.

The problem I have is that sometimes external visitors (high-level managers) visit this site, plug in their PCs, and get an IP address. I want to stop this and police it, either by using MAC authentication or some other method, RADIUS etc. What options do I have? I have no wireless and have no plan to put a wireless LAN on this site. Can I do any kind of authentication before the user gets an IP from DHCP? Your help will be much appreciated!


mmorris11
Level 4

Port authentication combined with 802.1x authentication would be a strong solution:

http://www.cisco.com/en/US/customer/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080212685.html

You didn't mention the model of switch you are using. That doc is for a 3750. It should work for most Catalyst IOS switches.

HTH

I have a Cisco 2950 on-site. Would you recommend a 3750, or can I stay with the 2950?

You could also simply use MAC-address-based port security so that the port would shut down if a foreign PC is plugged into your network.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d6a38.html#xtocid7
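
The two options suggested in the replies above (802.1X port authentication and MAC-address-based port security), as an added example that is not part of the original posts. It assumes a Catalyst IOS release that supports these commands; the interface ranges, RADIUS server address and shared secret are constructed placeholders.

```cisco
! Added example, not from the thread. Interface numbers, the RADIUS
! address (192.0.2.10) and <SHARED-SECRET> are placeholders.
!
! Option A: 802.1X port authentication against a central RADIUS server.
! Until RADIUS accepts the user, the port forwards only EAPOL frames,
! so an unauthenticated PC cannot reach the DHCP server.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
dot1x system-auth-control
!
interface range FastEthernet0/1 - 12
 switchport mode access
 dot1x port-control auto
!
! Option B: port security with sticky MAC learning.
! The switch learns the first MAC address seen on each port and writes it
! into the running configuration, so addresses are not typed in by hand.
! A frame from any other MAC address puts the port into err-disabled state.
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Save the learned sticky addresses so they survive a reload:
!   copy running-config startup-config
!
! Verification:
!   show dot1x all
!   show port-security
!   show port-security address
```

With option A, user accounts are administered on the RADIUS server rather than on the remote switch; with option B, a legitimate PC replacement requires clearing the old sticky address on that port.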

Hi,

I had a look at this option, but for me it requires too much administration and may not be a good option for a remote site.

Any other ideas, please!

Thanks
