
Ask The Expert: QoS on Catalyst Switches

Sandeep Choudhary
VIP Alumni

Hi Shashank,

I have a network in my company (around 100 PCs), and I want to prevent personal PCs or laptops (belonging to employees or visitors) from accessing the network via LAN.

While I was searching I found a way, but I do not know how to implement this.
My idea is:

Get the MAC addresses from all PCs in the network and put them into the switch (but how?). If an external PC or laptop connects to my company network, then he/she should not get access, and I should get an automatic update or alert that someone is using an outside device (not a company device).

Please help me to solve this problem.

How to implement this?

Regards

Sandeep Choudhary


Leo Laohoo
Hall of Fame

You can use either Active Directory or 802.1x.

Thank you very much.

But how can I implement it? This is my main problem.

Yes, I have only 2 solutions: either I have to connect with Active Directory or use 802.1x.

(Let me explain clearly:

Suppose I have 5000 employees in 4 locations (Italy, Spain, Germany, India).

This means I have 5000 MAC addresses or 5000 laptops (total).

If 1 person goes from Germany to India, he should get access to the LAN network there because he is using a company laptop or company MAC address.

If he uses his personal laptop, then he should not get access, or if someone from outside uses his laptop, then he should not get access to the LAN network.

Now tell me how I can prevent my LAN network.)

If you know how to implement it then please let me know.

Regards

Hi,

You don't want to mess with MAC addresses having to perform changes every time hardware changes.

Active Directory could solve your problem. By joining clients (PCs and laptops) to your domain, you can set up group policies. Each department could have an organizational unit of its own while you could set up specific group policies for specific organizational units.

Best regards,

Giorgos

Well, you need to promote a server into a domain controller. Then set up your domain, create organizational units and group policies. When everything is done, you need to join clients to your domain.

Computers or users not authenticated to the Active Directory will not be able to browse your network.

The problem is there's really a lot of work to be done since all of the above is actually a summary of what is needed.

An excellent resource to start searching for the basic steps is http://support.microsoft.com, while http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads will definitely help.

Best regards,

Giorgos

Thank you very much...

You're welcome!

If you ask me, Active Directory will be a valuable asset to your company for many different reasons.

It may take time to configure if you don't have much experience but when done you will see the difference.

Good luck,

Giorgos

@Giorgos: As you said, I have:

1. Promoted a server into a domain controller.

2. Set up a domain.

3. Created organizational units and group policies.

4. When everything was finished, I joined clients to my domain.

Now my question is how I can set the condition that only joined clients should get access.

Every user who won't have access to the web must be a member of a specific OU.

A specific GPO (group policy object) must be assigned to that OU. This GPO should set a false proxy server to Internet Explorer (say 0.0.0.0) while denying access to Internet Options for the user. This will do the trick.

Working with domain users, OUs and GPOs you'll see how many options you have. You can do lots of things.

Hope this helps. I know that this is not the appropriate place to discuss Microsoft, so if there's something more I can do for you, just PM me.

Good luck,

Giorgos

Leo Laohoo
Hall of Fame

Suppose I have 5000 employees in 4 locations (Italy, Spain, Germany, India).

You have 5000 employees and use 100 computers?

If 1 person goes from Germany to India, he should get access to the LAN network there because he is using a company laptop or company MAC address.

If he uses his personal laptop, then he should not get access, or if someone from outside uses his laptop, then he should not get access to the LAN network.

Now tell me how I can prevent my LAN network.)

This is Active Directory. Any MS server guy/gal can implement Active Directory.

Another option is to use 802.1X.  If the PC/Laptop does not have the credentials you specify (membership to a domain via Active Directory, updated anti-virus, patches, etc.) then that user will go to a quarantine VLAN or a 169.254.X.X IP address.
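
The 802.1X behaviour described in the reply above (devices without valid credentials land in a quarantine VLAN), sketched as a Catalyst access-port configuration. This is an added example, not part of the thread or any poster's configuration. The RADIUS server name and address (192.0.2.10, a documentation address), the shared-secret placeholder, VLAN 10/999 and the interface name are assumptions, and the syntax shown is the IOS 15.x style, which varies by platform and release.

```cisco
! Enable AAA and point 802.1X authentication at a RADIUS server.
! Assumption: the RADIUS server validates machine/user credentials
! against Active Directory, so only domain-joined devices pass.
aaa new-model
!
radius server RADIUS-EXAMPLE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Turn on 802.1X globally; without this the per-port commands do nothing.
dot1x system-auth-control
!
! Quarantine VLAN (assumed ID). Give it no route to internal networks.
vlan 999
 name QUARANTINE
!
interface GigabitEthernet1/0/10
 description User access port (example)
 switchport mode access
 switchport access vlan 10
 ! Port stays unauthorized until the attached device authenticates.
 authentication port-control auto
 dot1x pae authenticator
 ! One device per port, so an authenticated PC cannot front for others.
 authentication host-mode single-host
 ! Wrong credentials (e.g. a personal laptop): place in quarantine VLAN.
 authentication event fail action authorize vlan 999
 ! No 802.1X supplicant at all (e.g. a visitor device): quarantine VLAN.
 authentication event no-response action authorize vlan 999
 ! Re-check the device periodically, not only at link-up.
 authentication periodic
 spanning-tree portfast
!
! Verify per-port state after deployment:
!   show authentication sessions interface GigabitEthernet1/0/10
```

Because the decision is made by the RADIUS server rather than a per-switch MAC list, a company laptop authenticates the same way on any site's switches that carry this configuration.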
