Solved

Cisco LAN MAC address security

Posted on 2004-10-07
5
295 Views
Last Modified: 2010-04-11
Does anyone know of a centralized solution (apart from Cisco URT) that will allow me to baseline all the MAC addresses currently on a WAN without having to manually collect them and type them into a filter list on multiple switches, and after will then prevent any new MAC addresses from attaching to the network without authorization?
0
Comment
Question by:dommurray
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12252397
You can use Solarwinds Switchport mapper to get a current map (excel spreadsheet) of all of your existing MAC address/IP address mappings, but there is nothing in it that will enforce "no new mac's"..
The URT is the tool of choice if you're doing this company-wide across a WAN..
If you've got systems that don't happen to be on at the time you run the baseline, they won't show up.
Set your port security to only allow one mac address, set it for 'sticky'. Any port that shows as down at the time you run the baseline, go in and disable them until/unless someone provides you the MAC. Very manual process without the autmoated URT tool or something like it..
0
 
LVL 10

Expert Comment

by:winzig
ID: 12262652
there is better sollutiuon than MAC filtering, you can deploy 802.1x and each before any pc will be connected to your network have to be authenticated(using the smard card, domain credentials, certificate ....)
0
 
LVL 1

Author Comment

by:dommurray
ID: 12265940
Will 802.1x stop a machine getting an IP address from DHCP and therefore spreading whatever infection it may have over my IP network? I am wondering about any worms/viruses etc that can spread in those circumstances?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266176
The Vernier solution is pretty neat -

http://www.verniernetworks.com/products/

0
 
LVL 3

Expert Comment

by:happythedog
ID: 12270759
could go static assignment of ips and mac address sticky , pain in the *** but effective  , i am inclined to agree with you lrmoore
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Security Overview Report 8 62
Home wireless security 10 62
Securely save Hyper-v backups on local NAS 5 21
Standalone trial or freeware to do SSL scan 4 30
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question