Re: asa 5505 port security

maximtory · ‎08-18-2009

Hello,

I am trying to configure my asa 5505 to only allow company PC's connected to my internal LAN and keep other from unplugging ports from their PC's and connecting say a laptop. I was thinking about trying to put some type of port security on the MAC address, but need help doing so. Does anyone know how to secure the ports to specific MAC addresses? Thanks for all your help!

Chris

Giuseppe Larosa · ‎08-18-2009

Hello Chris,

port security is a LAN switch stuff unless your users are so few that they connect directy to the ASA you need to configure the lan switch.

see for example the following for C3750

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtrafc.html

or

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtrafc.html

other features can be available including 802.1X authentication or ARP inspection with ip source guard but are more complex.

Hope to help

Giuseppe

maximtory · ‎08-19-2009

Thanks for the response, yes this is actually a small branch office which is part of the reason for the added security. Is there anything we can do to keep users from connnecting their personal devices and using the same static ip's we have set to the pc's? Thanks.

maximtory · ‎08-24-2009

Does any one have a solution to this situation? Your help would be most appreciated.

Benjamin Allan · ‎06-06-2018

Years later, but I was looking to do the same thing.

Best solution I've come up with is to set the arp statically. "arp nameif 192.168.1.10 x.x.x"