cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
487
Views
0
Helpful
2
Replies

Practial switchport management

sheldonj22
Level 1
Level 1

I was wondering what policies other medium-large sized companies (3500 computers) actually use for port security. A recent security audit stated that we need to restrict access ports to 1 MAC to prevent people from unplugging a computer and plugging in their own device in.

But given we have 1.3 guys to manage the entire Cisco based network, it seems it would be an administrative nightmare to restrict ports at that level. Is anyone else managing a network of our size or larger actually restricting ports on a MAC level and if so how much staff is supporting this?
 

2 Replies 2

Hi,

by the huge response you have got, I take it many people do not do it.

If you use  Cisco ACS, you can use 802.1x to authenticate hosts by their MAC address, this does not lock down a particular port, but allows hosts registered on the ACS to connect. to the network. so whoever is responsible for  for your device setup can register the devices on ACS.  

 

mcwalter
Level 3
Level 3

this may help but it does not address the administrative limitation you have. good luck!

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ewa/configuration/guide/conf/port_sec.html