Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco LAN MAC address security

Posted on 2004-10-07
5
Medium Priority
?
301 Views
Last Modified: 2010-04-11
Does anyone know of a centralized solution (apart from Cisco URT) that will allow me to baseline all the MAC addresses currently on a WAN without having to manually collect them and type them into a filter list on multiple switches, and after will then prevent any new MAC addresses from attaching to the network without authorization?
0
Comment
Question by:dommurray
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 12252397
You can use Solarwinds Switchport mapper to get a current map (excel spreadsheet) of all of your existing MAC address/IP address mappings, but there is nothing in it that will enforce "no new mac's"..
The URT is the tool of choice if you're doing this company-wide across a WAN..
If you've got systems that don't happen to be on at the time you run the baseline, they won't show up.
Set your port security to only allow one mac address, set it for 'sticky'. Any port that shows as down at the time you run the baseline, go in and disable them until/unless someone provides you the MAC. Very manual process without the autmoated URT tool or something like it..
0
 
LVL 10

Expert Comment

by:winzig
ID: 12262652
there is better sollutiuon than MAC filtering, you can deploy 802.1x and each before any pc will be connected to your network have to be authenticated(using the smard card, domain credentials, certificate ....)
0
 
LVL 1

Author Comment

by:dommurray
ID: 12265940
Will 802.1x stop a machine getting an IP address from DHCP and therefore spreading whatever infection it may have over my IP network? I am wondering about any worms/viruses etc that can spread in those circumstances?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266176
The Vernier solution is pretty neat -

http://www.verniernetworks.com/products/

0
 
LVL 3

Expert Comment

by:happythedog
ID: 12270759
could go static assignment of ips and mac address sticky , pain in the *** but effective  , i am inclined to agree with you lrmoore
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
How does someone stay on the right and legal side of the hacking world?
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question