
Best practice for limiting network management to few devices

Hello,

I have set up a very basic security implementation that is in no way realistic, but I just want to experiment and learn...

In my 1801 router that answers DHCP requests on separate wired and wireless VLANs, I have bound static IP addresses to the MAC addresses of my laptop's wireless and wired interfaces.

Then I set up an ACL to permit inbound traffic from these IPs only for the vty lines.

Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.

What is the best practice in professional environments?

Thanks.

3 Replies

paolo bevilacqua
Hall of Fame

To not circulate passwords.

Leo Laohoo
Hall of Fame
Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.

TACACS or RADIUS with a robust password policy and a regular interval for changing the passwords (30 to 45 days).

Read this and go to the "Composing hard-to-guess passwords" section.
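
The setup discussed in this thread (the asker's DHCP binding and vty source ACL, combined with the centralized authentication suggested in the reply above), as an added Cisco IOS configuration example that is not part of any post. All addresses, the ACL number, the pool and method-list names, the local username and the key are constructed placeholders, and the legacy `tacacs-server host` syntax is an assumption about the IOS release on the router.

```cisco
! Added example: all addresses, names and the key are constructed placeholders.
!
! Fixed DHCP lease for the management laptop (the asker's existing approach).
ip dhcp pool MGMT-LAPTOP-WIRED
 host 192.168.10.10 255.255.255.0
 client-identifier 0100.1122.3344.55
!
! Source filter for the vty lines. It narrows who can reach the login prompt,
! but a host that takes over 192.168.10.10 still passes it.
access-list 10 permit host 192.168.10.10
access-list 10 permit host 192.168.20.10
access-list 10 deny any log
!
! Per-user authentication against a TACACS+ server, with a local account
! used only when the server is unreachable.
aaa new-model
username fallback-admin secret <LOCAL-FALLBACK-PASSWORD>
tacacs-server host 192.168.10.5 key <SHARED-KEY>
aaa authentication login VTY-AUTH group tacacs+ local
!
! Both controls applied to the management lines.
line vty 0 4
 access-class 10 in
 login authentication VTY-AUTH
```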

mfurnival
Level 4

You could add another layer of security by adding static IP to MAC address mappings on the router. Again, this is circumventable as you can change the MAC address in software but it might keep out the casual intruder.
