06-15-2013 01:30 PM - edited 03-03-2019 07:06 AM
Hello,
I have set up a very basic security implementation that is in no way realistic, but I just want to experiment and learn...
In my 1801 router that answers DHCP requests on separate wired and wireless VLANs, I have bound static IP addresses to the MAC addresses of my laptop wireless and wired interfaces.
Then I set up an ACL to permit inbound traffic from these IPs only for the vty lines.
Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
What is the best practice in professional environments?
Thanks.
06-16-2013 06:48 AM
To not circulate passwords.
06-16-2013 02:38 PM
Obviously this is easily defeated by statically assigning these same IPs to any device on the network, so I was thinking about a better way to limit management of the router to a few devices.
TACACS or RADIUS with a robust password policy and a regular interval to change the passwords (30 to 45 days).
Read this and go to the "Composing hard-to-guess passwords" section.
06-17-2013 05:23 AM
You could add another layer of security by adding static IP to MAC address mappings on the router. Again, this is circumventable as you can change the MAC address in software but it might keep out the casual intruder.
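The configuration discussed in this thread, written out as an added example that is not part of any post: the DHCP bindings and vty ACL from the first post, followed by per-user login through TACACS+ as suggested in the replies. All addresses, MAC values, pool and list names, the server address and the keys are constructed placeholders, and the legacy `tacacs-server host` syntax is an assumption about the IOS release on the 1801.

```ios
! Constructed example: addresses, MACs, names and keys are placeholders.
!
! --- Setup described in the first post ---
! Manual DHCP bindings give each laptop interface a fixed address.
ip dhcp pool LAPTOP-WIRED
 host 192.168.10.10 255.255.255.0
 client-identifier 01aa.bbcc.ddee.01
ip dhcp pool LAPTOP-WIRELESS
 host 192.168.20.10 255.255.255.0
 client-identifier 01aa.bbcc.ddee.02
!
! Standard ACL naming only those two addresses; refused attempts are logged.
access-list 10 permit host 192.168.10.10
access-list 10 permit host 192.168.20.10
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
!
! --- Per-user authentication, as suggested in the replies ---
! The source address only narrows where a login may come from;
! the AAA method list is what ties a session to a named account.
aaa new-model
tacacs-server host 192.0.2.10 key <SHARED-KEY-PLACEHOLDER>
! Local account is used only when the TACACS+ server does not respond.
username localadmin secret <LOCAL-FALLBACK-PLACEHOLDER>
aaa authentication login VTY-AUTH group tacacs+ local
!
line vty 0 4
 login authentication VTY-AUTH
```

With both in place, a device that copies one of the permitted addresses still reaches a login prompt that requires an individual account, and the `deny any log` entry records attempts from every other source.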