Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
667
Views
4
Helpful
3
Replies

LAN Security

netview69
Level 1
Level 1

‎12-22-2007 09:11 PM - edited ‎03-05-2019 08:08 PM

In our LAN we have 300 node, as well as access point. I wants to put LAN security for unauthorize access. Which product is suitable for us, pls guide me.

We are using 2811 & five brances are connected through lease line.

Regds

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎12-22-2007 10:40 PM

Amit, I think that LAN security entails more of a practice than an actual product, but I don't want to go into deatils because there are many ways of implementing LAN security within your trusted network, this term is very a broad term. In some cases a product may be needed in the case of intrution prevention probes surveilance etc. throughout your network but I don't think this is what you are looking for please let me otherwise. What I am thinking you are looking is for ways of blocking of unauthorized access to your LAN by ways of unknown systems pluging into your switches , if this is correct here are few options that comes to mind.

1- You could implement port security 802.1x on your LAN switches.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/7.x/configuration/guide/8021x.html#wp1029655

2-Another option could be the use of dynamic VLAN assigments where you could have control of MAC addresses through vpms database.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_xp/eeswcfg/mascvmps.html

3- For wireless access points unauthorized access, do not broadcast your SID network, frequently implement new WEP keys.

4- Securely lock your communication rooms and only have one or maybe two with authorized access to comm rooms in remote sites.

Rgds

Jorge

Jorge Rodriguez

netview69
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-23-2007 03:41 AM

Yes VLAN is gd, can we use NAC device like NAC Appliance 3310 Server or NAC Network Module spare for 2800 ISR, NAC Network Module Release 4.1

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to netview69

‎12-23-2007 10:31 AM

Upsolutely as long as you know what exactly NAC provides and that this is what you are considering please refere to this link that provides you with more details of NAC deployments and guidelines.

http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

Supported platforms for NAC network module

http://www.cisco.com/en/US/docs/security/nac/appliance/installation_guide/netmodule/nacnmgsg.html

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents