mac access-list

donnie
Level 1

Hi all,

 

Currently in my office environment there are several stacks of Cisco 3850 switches acting as edge switches.

Security is configured such that each switch stack is configured with a mac access-list containing the MAC addresses of all the authorized PCs. All ports in these switch stacks have the mac access-list applied except the uplink ports to the core switches. Whenever there are new PCs, we need to add their MAC addresses to the mac access-list of the different switches depending on where each PC will be deployed. Is it possible to centralise the adding of MAC addresses (so that we need not add them to different switches) without deploying servers? TIA!

3 Replies

jhager001
Level 1

Why not just mac filter your OOB device? This would allow anyone on the LAN to connect locally with no problems or additions, but to access any outside network activity (i.e. the internet) they would have to be allowed on the mac filter.

Hi Jhager001,

 

Do you mean applying the mac access-list on the core switch uplink to the internet? But the requirement given to us is to protect the LAN connected to the edge switches as well.

saif musa
Level 4

don li,

802.1x standard defines a client-server-based access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode, only one client can be connected to the 802.1x-enabled switch port. The switch detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state.

For details, check the link below:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01111.html#ID389

 

Regards

 

Please rate if it's helpful.