
Switch Port Security question

Kaushik Ray
Level 1

Hello

I have a small question. Is there any way to secure switch ports apart from the MAC address option?

Any advice will be most welcome.

Regards

Kaushik

fredareid
Level 1

There are a few options that you can use. I think to better answer your question though I would like to know what you would like to do.

I know you can have the port dynamically learn the MAC address or you can set it to limit the number of MAC addresses that can be active on the port at one time.

Nonetheless, because switches operate at "layer 2" they do most of their work based on MAC addresses.

Here is a nice little article on it.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/port_sec.html

cadet alain
VIP Alumni

Hi,

Could you explain further?

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks for the replies. Actually, we have a remote router and we understand that the personnel there are plugging in rogue devices like unauthorized WAPs to extend the LAN. I understand that I can use MAC address to limit the devices and specify the devices but was wanting to know whether there are any other options to implement security apart from the MAC address filtering.

Central RADIUS server.

MAC filtering is just introducing a lot of overhead (administration), and the moment somebody simulates the MAC address your filter stops being useful. For WAP, add the 802.1x authentication MAC and you should be fine.

Take Care

Alessio

Thanks Alessio but the 802.1x authentication MAC should only hold true for Cisco WAP right?

Regards

Kaushik

Yes,

it was my understanding you had some potential rogue WAP in your network... The two solutions combined should give you a good solution for your user data traffic. I possibly think that your concerns should also be in other points of your network, like guest VLAN on WAP devices (private VLAN), trunk protection, and others.

Alessio
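
The replies above mention limiting the number of MAC addresses active on a port. The audit below is an added example, not code from any poster or from Cisco: it parses `show mac address-table` style output and lists access ports that have learned more MAC addresses than allowed, which is how a bridging access point plugged into a user port appears from the switch. The sample table, the port names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac address-table` output (not from the thread).
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi0/1
  10    0011.2233.4402    DYNAMIC     Gi0/2
  10    a4b1.c1d2.0001    DYNAMIC     Gi0/3
  10    a4b1.c1d2.0002    DYNAMIC     Gi0/3
  10    a4b1.c1d2.0003    DYNAMIC     Gi0/3
  20    0011.2233.4410    DYNAMIC     Gi0/24
  20    0011.2233.4411    DYNAMIC     Gi0/24
 All    0100.0ccc.cccc    STATIC      CPU
"""

# Only dynamically learned entries with a numeric VLAN are counted;
# static/CPU rows and the header lines do not match.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Map each port to the set of MAC addresses learned on it."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        match = ROW.match(line)
        if match:
            ports[match.group(3)].add(match.group(2).lower())
    return ports

def suspect_ports(table_text, max_macs=1, uplinks=()):
    """Return {port: sorted MACs} for non-uplink ports above max_macs."""
    return {
        port: sorted(macs)
        for port, macs in macs_per_port(table_text).items()
        if port not in uplinks and len(macs) > max_macs
    }

if __name__ == "__main__":
    # Gi0/24 is assumed to be a trunk/uplink, where many MACs are expected.
    for port, macs in suspect_ports(SAMPLE, uplinks={"Gi0/24"}).items():
        print(f"{port}: {len(macs)} MACs learned -> {', '.join(macs)}")
```

A device that presents a single MAC address to the switch passes this count, which is the gap the 802.1x and central RADIUS suggestion in the thread is meant to cover.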
