07-20-2012 04:21 AM - edited 03-07-2019 07:53 AM
Hello
I have a small question. Is there any way to secure switch ports apart from the MAC address option?
Any advice will be most welcome.
Regards
Kaushik
07-20-2012 04:34 AM
There are a few options that you can use. I think to better answer your question though I would like to know what you would like to do.
I know you can have the port dynamically learn the MAC address, or you can set it to limit the number of MAC addresses that can be active on the port at one time.
Nonetheless, because switches operate at "layer 2", they do most of their work based on MAC addresses.
Here is a nice little article on it.
07-20-2012 04:34 AM
Hi,
Could you explain further?
Regards.
Alain.
Don't forget to rate helpful posts.
07-20-2012 04:40 AM
Thanks for the replies. Actually, we have a remote router and we understand that the personnel there are plugging in rogue devices like unauthorized WAPs to extend the LAN. I understand that I can use MAC addresses to limit and specify the devices, but I wanted to know whether there are any other options to implement security apart from MAC address filtering.
07-20-2012 06:09 AM
Central RADIUS server.
MAC filtering just introduces a lot of administrative overhead, and the moment somebody simulates the MAC address your filter stops being useful. For WAP add the 802.1x authentication MAC and you should be fine.
Take Care
Alessio
07-20-2012 06:18 AM
Thanks Alessio, but the 802.1x authentication MAC should only hold true for Cisco WAP, right?
Regards
Kaushik
07-20-2012 06:46 AM
Yes,
it was my understanding you had some potential rogue WAP in your network... The two solutions combined should give you a good solution for your user data traffic. I possibly think that your concerns should also be in other points of your network, like guest VLAN on WAP devices (private VLAN), trunk protection, and others.
Alessio
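
The two options raised in this thread, limiting the MAC addresses on a port and 802.1X against a central RADIUS server, shown as an added configuration example that is not taken from any of the posts above. It assumes a Catalyst access switch running a recent IOS release (command syntax varies by platform and version); the interface numbers, the server name `CENTRAL-RADIUS`, the address `192.0.2.10` and `<SHARED-SECRET>` are placeholders.

```cisco
! Added example, not from the thread. All names and addresses are placeholders.
!
! --- Option 1: port security, cap the MAC addresses learned on an access port ---
interface GigabitEthernet0/5
 switchport mode access
 switchport port-security
 ! One device per port: a bridging WAP exposes its clients' MACs and trips the limit
 switchport port-security maximum 1
 ! Learn the first MAC dynamically and keep it in the running config
 switchport port-security mac-address sticky
 ! Drop frames from extra MACs and count/log the violation, but keep the port up
 switchport port-security violation restrict
!
! --- Option 2: 802.1X against a central RADIUS server ---
! Caution: aaa new-model also changes how console/vty logins are authenticated.
! Confirm the login method lists before enabling it on a remote device.
aaa new-model
radius server CENTRAL-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET>
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/6
 switchport mode access
 ! Port stays unauthorized until the attached device authenticates
 authentication port-control auto
 ! Only one authenticated MAC may use the port at a time
 authentication host-mode single-host
 dot1x pae authenticator
```

`show port-security interface GigabitEthernet0/5` and `show authentication sessions interface GigabitEthernet0/6` report the violation count and the session state for each port.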