- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2017 02:28 PM - edited 03-08-2019 09:03 AM
Hello, regarding switchport port-security, the normal method is to allow based on MAC address.
I understand you can also use RADIUS 802.1x for this purpose.
My question is, is there any other form of port access authentication that can be used apart from these two ?
Thank you.
Solved! Go to Solution.
- Labels:
-
Other Switching
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2017 04:47 PM
Hi
Those are the 2 possibilities to secure ports.
However, port security isn't a reliable method.
Within dot1x, you have several methods:
- MAC
- user/password
- certificate
- and web authentication even if it isn't used a lot for wired.
Thanks
PS: Please don't forget to rate and mark add correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2017 04:47 PM
Hi
Those are the 2 possibilities to secure ports.
However, port security isn't a reliable method.
Within dot1x, you have several methods:
- MAC
- user/password
- certificate
- and web authentication even if it isn't used a lot for wired.
Thanks
PS: Please don't forget to rate and mark add correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2017 07:12 PM
Hello Francesco, thank you.
Why do you say 'port security isn't a reliable method' ?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2017 07:37 PM
Because it's based on Mac address and this is something that you can spoof very easily.
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
