Best practice for limiting network management to few devices

Hello,

I have set up a very basic security implementation that is in no way realistic, but I just want to experiment and learn...

In my 1801 router that answers DHCP requests on separate wired and wireless VLANs, I have bound static IP addresses to the MAC addresses of my laptop wireless and wired interfaces.

Then I set up an ACL to permit inbound traffic from these IPs only for the vty lines.

Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.

What is the best practice in professional environments?

Thanks.

3 REPLIES
paolo bevilacqua
Hall of Fame Master

To not circulate passwords.

Leo Laohoo
VIP Community Legend

Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.

TACACS or RADIUS with a robust password policy and a regular interval to change the passwords (30 to 45 days).

Read this and go to the "Composing hard-to-guess passwords" section.

mfurnival
Enthusiast

You could add another layer of security by adding static IP to MAC address mappings on the router. Again, this is circumventable as you can change the MAC address in software but it might keep out the casual intruder.
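
The source-address ACL from the question combined with the TACACS+ login suggested in the replies, as an added example that is not part of the original thread. The addresses (RFC 5737 documentation range), ACL number, user name and bracketed secrets are constructed placeholders, and the `tacacs-server host` form assumes the older IOS releases an 1801 runs.

```cisco
! Added example with constructed values: 192.0.2.0/24 is a documentation
! range; ACL 10, "fallback-admin" and the bracketed secrets are placeholders.
!
! Turn on AAA so vty logins are checked per user instead of against
! one shared line password.
aaa new-model
!
! Local account used only when the TACACS+ server does not answer.
username fallback-admin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! TACACS+ server (assumed address) and the key shared with it.
tacacs-server host 192.0.2.10 key <TACACS-SHARED-KEY>
!
! Try TACACS+ first, fall back to the local user database.
aaa authentication login default group tacacs+ local
!
! Source-address filter as described in the question: the laptop's
! wired and wireless addresses. On its own this is defeated by any
! host that takes one of these addresses, so it is a second layer on
! top of the per-user login, not a replacement for it.
access-list 10 permit host 192.0.2.21
access-list 10 permit host 192.0.2.22
access-list 10 deny   any log
!
line vty 0 4
 access-class 10 in
```

With this in place, a host that spoofs one of the permitted addresses still reaches only a per-user login prompt, and the `log` keyword records connection attempts from any other address.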
