Hi All,
Well, after thinking I had secured my desktop environment, something occurred to me which now means that I am not happy with the security!!!
My typical access port is configured as such:
interface GigabitEthernet0/28
 description x x x x
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0024.1d0a.0840
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
end
Now this satisfies security in some way, i.e. if somebody is to patch a PC into the wall port with a different MAC address, the port will shut down. However, as I was able to prove, when I adjust the MAC address of my laptop (to the one that is used above) and then patch it in, I get access to the network, and no warning is sent. Obviously this is totally unsatisfactory. I appreciate most users wouldn't know how to do this (change a MAC address), but I always like to plan for the worst-case scenario. Doing a bit of looking around, I see people are making use of 802.1x. Does anybody have any experience in deploying such a method? Or have access to any best practices, etc.?
Cheers
Darren
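
An added example, not part of the original post: a small Python audit that parses running-config text and lists access ports whose only admission control is MAC-based port security, the exposure described above. The sample config is constructed; the second interface and the function names are assumptions made for illustration.

```python
import re

# Constructed sample. Gi0/28 mirrors the port in the post; Gi0/29 is a
# hypothetical 802.1X-enabled port added for contrast.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/28
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0024.1d0a.0840
!
interface GigabitEthernet0/29
 switchport mode access
 switchport port-security
 authentication port-control auto
 dot1x pae authenticator
!
end
"""

# Commands that place a port under 802.1X control (newer and older IOS syntax).
DOT1X_CONTROL = {"authentication port-control auto", "dot1x port-control auto"}

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line in ("", "!", "end"):
            current = None          # stanza closed
        elif current is not None:
            current.append(line)
    return interfaces

def mac_only_access_ports(config):
    """List access ports whose only admission check is MAC port security."""
    return [name for name, cmds in parse_interfaces(config).items()
            if "switchport mode access" in cmds
            and "switchport port-security" in cmds
            and not DOT1X_CONTROL.intersection(cmds)]

if __name__ == "__main__":
    for port in mac_only_access_ports(SAMPLE_CONFIG):
        print(f"{port}: admission relies on source MAC only")
```

The parser accepts both indented `show running-config` output and unindented pastes like the one in the post.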