
Cisco 3850 MAC-Based Access Control List

adeebtaqui
Level 4

What is the best way to prevent any personal devices from accessing the wired network from access switches?

Is configuring a MAC-based access control list by permitting only authorized MAC addresses on a Cisco 3850 a good solution?

Or any other?

Please share your knowledge and experience.

3 Replies

Seb Rupik
VIP Alumni

Hi there,

MAC ACLs are not a very scalable solution. Implementing MAB would be the enterprise-scale solution, but since MAC addresses can be spoofed, it is not the most secure.

You then travel down the path of 802.1X. Using just password authentication would allow you to easily bind users to MAC addresses, but that wouldn’t stop them from bringing in their own devices and authenticating.

So you could look at implementing EAP-TLS and installing signed certificates onto the user devices. If these devices are managed, then it should be easy to push the certificates to them. Without a valid signed certificate user devices would not be able to authenticate.

It would take a pretty determined user to extract the signed cert and place it on their personal device!

Take a look at this document:

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386952

Cheers,

Seb.
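
As an added illustration of the 802.1X approach described in the reply above (not part of the original post and not taken from the linked guide), here is a minimal IOS-style access-port configuration with no MAB fallback. The server name, the 192.0.2.10 address, the key placeholder, the VLAN and the interface are assumptions; the requirement for EAP-TLS with client certificates is set in the RADIUS server's policy, because the switch only relays EAP.

```cisco
! Constructed example: names, address, key, VLAN and interface are placeholders.
aaa new-model
!
radius server RADIUS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius DOT1X-SERVERS
 server name RADIUS-1
!
! Send 802.1X authentication and network authorization to the RADIUS group
aaa authentication dot1x default group DOT1X-SERVERS
aaa authorization network default group DOT1X-SERVERS
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description User access port (802.1X only)
 switchport mode access
 switchport access vlan 10
 ! Port passes no user traffic until RADIUS returns Access-Accept
 authentication port-control auto
 ! One authenticated device per port
 authentication host-mode single-host
 ! Act as 802.1X authenticator; the "mab" command is deliberately absent,
 ! so a device cannot get on the port by presenting only a MAC address
 dot1x pae authenticator
 ! Re-authenticate periodically, using the interval the RADIUS server sends
 authentication periodic
 authentication timer reauthenticate server
 spanning-tree portfast
```

Devices that cannot run a supplicant (printers, phones) would need a separate port policy, which is where the MAC-spoofing trade-off mentioned in the reply comes back in.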

Can ISE be deployed for this purpose?
