cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1163
Views
0
Helpful
9
Replies

Mac security

divine007
Level 1
Level 1

Hello All,

I have a vast lan network with segment like 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24.

For diff type of users, which they are then natted with a public segment. and each segment is sharped accordingly.

For labtops cisco IBNS is used for Wifi users.

now i realise pple use alot of desktops now and they are connected anyhow. making very difficult to troubleshoot when internet is slow.

So was thinking of now adopt a strategy whereby each mac will be mapped to various segment

Especially in the engineering, so the rest can now connect with a default segment and a best bandwidth

I wish to know if this possible. i have cisco 2811 series routers and cisco 296o switches

Thanks

9 Replies 9

nkarthikeyan
Level 7
Level 7

r u refering MAC-binding on the switchport for every interfaces where end user is connected....????

alex_ciobanu
Level 1
Level 1

Statically configuring MAC addresses on every switch for every port ?

Or are we missing something in here ?

I will use the mac to identify the users connected on various ports, and so the will be edited,

Tell how can i tell with this issue.

Or is just to put a good process in place??

Hi Divine,

I guess you could achieve ur goal by using VMPS (Vlan Memebership Policy Server), to dynamically map interfaces to proper vlans with regards to the connected Mac Address.

HTH,

plz Rate if it helped,


Soroush.

Hope it Helps!

Soroush.

Hi Ambe,

I do not know, if you can do this or not but this is the simplest way to do if you have DHCP server.

DHCP Server Callout DLL helps administrator to filter out DHCP Requests to DHCP Server based on MAC Address. When a device or computer tries to connect to network, it shall first try to obtain ip address from DHCP Server. DHCP Server Callout DLL checks if this device MAC address is present in known list of MAC addresses configured by administrators. If it is present, device shall be allowed to obtain ip address or device requests shall be ignored based on action configured by administrator.

MAC address based filtering will allow network administrators to ensure that only know set of devices in the system are able get ip address from DHCP Server. This DLL will help administrators to enforce additional security into network.

This callout DLL will help user in solving either of the following problems

1.       Allow Machines only belonging to set of MAC addresses to get ip address from DHCP Server.

2.       Deny Machines belonging to set of MAC addresses from getting ip address from this server.

This callout DLL shall work on Windows 2003 Server and Windows 2008 Server.

The usage is pretty simple and explained in the setup document along with the tool.

Both the dll (MacFilterCallout.dll) and the Setup document (SetupDHCPMacFilter.rtf) are copied on to %SystemRoot%\system32 folder after installation.

Updates done since initial version:

1.

  • Support for 32 bit and 64 bit OSs : Works on Windows 2003 and Windows 2008 Server


  • Ease of setup : You do not have to copy the DLLs to obscure locations or edit the registry entries.    The installer copies the files into the appropriate locations and makes the necessary registry changes.


  • Improved documentation :  Better documentation, along with a sample file.


2.You can now check out the information log file, for information on what all addresses were allowed/denied, while the DHCP server service is running.

Known Issue:

  1. This callout dll may not work on localized builds (non english builds).Regards

Regards

Please rate if it helps.

My cisco 2811 is doing the DHCP for me, do not possess a window dhcp server apart

Thanks

Ok will the solution

Thanks

hi all,

im just curious, why dont we use static dhcp binding on 2811?

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html#wp1001108

at section Configuring Manual Bindings

regards,

Fahad2013
Level 1
Level 1

have you the solution?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco