05-20-2013 02:38 AM - edited 03-07-2019 01:26 PM
Port security is enabled on the switch, hence random MACs are disabled. But what if an insider disconnects his company-assigned PC and connects his own laptop to the same port, with the laptop's MAC address spoofed to that of the PC? Is there a way to detect that the employee is using his laptop and not the PC?
05-20-2013 03:46 AM
Hello
you can use IP Source Guard or Dynamic ARP Inspection (DAI) - both work with DHCP snooping.
DAI can also be used without DHCP snooping by specifying static filters.
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
05-20-2013 06:44 AM
pdriver wrote:
Hello
you can use IP Source Guard or Dynamic ARP Inspection (DAI) - both work with DHCP snooping.
DAI can also be used without DHCP snooping by specifying static filters.
None of these will be effective against MAC spoofing.
05-20-2013 03:47 AM
No.
For real security, rely on the application layer, not the network.
05-20-2013 07:32 AM
Hello Simardeep and CSC
Apologies for the misleading post - I interpreted your post incorrectly.
res
Paul
05-20-2013 04:06 AM
Hello,
you need a NAC (Network Access Control). A NAC is a device that, using a set of protocols, allows controlling network access. When a computer connects to a network, it is not permitted to access anything unless it complies with a business-defined policy, including anti-virus protection level, system update level and configuration.
Regards.
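An added example of what the NAC suggestion above looks like on a Cisco IOS access switch, using 802.1X as the admission mechanism. This is not Antonio's code or a vendor reference config; the RADIUS/NAC server address 10.0.0.5, the placeholder shared secret, host port GigabitEthernet0/1 and quarantine VLAN 99 are all assumptions. One caveat worth stating for the original question: what 802.1X proves depends on the credential. A user-name/password method (for example PEAP-MSCHAPv2) is satisfied by the insider typing his own credentials from any laptop; only a credential that exists solely on the managed PC, such as a machine certificate used with EAP-TLS, ties the session to the company PC rather than to the person.

```ios
! Added example (not from any post in this thread). Placeholders: RADIUS/NAC
! server 10.0.0.5, shared secret REPLACE-ME, host port Gi0/1, quarantine VLAN 99.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
radius server NAC
 address ipv4 10.0.0.5 auth-port 1812 acct-port 1813
 key REPLACE-ME
!
! globally enable 802.1X on the switch
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
 ! port stays unauthorized until the supplicant passes authentication
 authentication port-control auto
 ! exactly one authenticated host per port (fits the one-PC-per-port model)
 authentication host-mode single-host
 ! a host that fails authentication is placed in the quarantine VLAN
 authentication event fail action authorize vlan 99
 ! a host with no 802.1X supplicant at all (personal laptop, printer) goes there too
 authentication event no-response action authorize vlan 99
 dot1x pae authenticator
 dot1x timeout tx-period 10
!
! Verification, after a host plugs in:
! show authentication sessions interface GigabitEthernet0/1 details
```

The `show authentication sessions ... details` output records which EAP method and which identity authorized the port, so it is also where an operator would check whether a session was authorized by a machine certificate or merely by a user password.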
05-20-2013 04:55 AM
Dear Antonio,
I think NAC will solve most of the problem by first ensuring that the device conforms to the business policy. It will put it into a separate VLAN. My doubts are:
1. Can an insider still conform to these business-defined policies in some way, say antivirus update and system update?
2. After authentication, he will be able to use the production environment. Is there a way to detect that he is using his personal laptop and not the assigned PC?
05-10-2014 04:24 AM
There are multiple ways of doing this; most are listed below.
However, if you want a quick and easy solution, just run port security, limit the MAC addresses on the interface and use the sticky feature. The sticky feature converts DYNAMIC MAC addresses to STICKY and places the config in the running-config. If you reboot your device (without saving the config), the switch will re-learn and once again place them into the running-config (after a reload). You can make it permanent by saving the config (copy running-config to startup-config).
This will force the port to only accept a certain number of known static MACs.
As I said, there are multiple ways of doing this; this is just a quick and dirty way of nailing it up. Here are the commands you need:
! X/X is the interface to protect; X is the number of MACs to allow
interface X/X
 switchport
 switchport port-security
 switchport port-security maximum X
 ! learned MACs are converted to sticky entries in the running-config
 switchport port-security mac-address sticky
Grev
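The following is an added example, not code from Grev, pdriver or any other poster, that fills in the two configurations discussed in this thread: the sticky port-security setup from the post above, with a violation mode chosen so that a second MAC on the port is logged rather than silently err-disabling it, and the DHCP snooping, DAI and IP Source Guard combination from pdriver's reply, including the static ARP ACL form of DAI for hosts without DHCP. Access VLAN 10, host port GigabitEthernet0/1, uplink GigabitEthernet0/24 and the host 10.0.10.25 / 0011.2233.4455 are placeholders. Note the limit CSC points out: every one of these features binds a port to an address; a laptop that clones the PC's MAC and obtains or reuses the same IP matches all of the bindings and passes.

```ios
! Added example (not from any post in this thread). Placeholders: VLAN 10,
! host port Gi0/1, uplink Gi0/24, static host 10.0.10.25 / 0011.2233.4455.
!
! --- Port security with sticky MACs (Grev's quick fix) ---
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! restrict: drop frames from an unknown MAC and raise syslog/SNMP, instead of
 ! err-disabling the port (shutdown is the default violation mode)
 switchport port-security violation restrict
!
! --- DHCP snooping, DAI and IP Source Guard (pdriver's suggestion) ---
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
interface GigabitEthernet0/1
 ! IP Source Guard: only IP/MAC pairs present in the DHCP snooping binding
 ! table may send on this port; port-security adds the MAC check
 ip verify source port-security
!
interface GigabitEthernet0/24
 ! uplink toward the DHCP server: DHCP replies and ARP are trusted here only
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- DAI without DHCP snooping: static ARP ACL for a statically addressed host ---
arp access-list STATIC-HOSTS
 permit ip host 10.0.10.25 mac host 0011.2233.4455
ip arp inspection filter STATIC-HOSTS vlan 10
!
! Verification:
! show port-security interface GigabitEthernet0/1
! show ip dhcp snooping binding
! show ip arp inspection vlan 10
! show ip verify source
```

With `violation restrict`, a frame from an unlearned MAC on Gi0/1 increments the SecurityViolation counter shown by `show port-security interface`, which is the only signal this setup gives; a cloned MAC produces no violation at all.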