Solved

Cisco LAN MAC address security

Posted on 2004-10-07
5
296 Views
Last Modified: 2010-04-11
Does anyone know of a centralized solution (apart from Cisco URT) that will allow me to baseline all the MAC addresses currently on a WAN without having to manually collect them and type them into a filter list on multiple switches, and after will then prevent any new MAC addresses from attaching to the network without authorization?
0
Comment
Question by:dommurray
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12252397
You can use Solarwinds Switchport mapper to get a current map (excel spreadsheet) of all of your existing MAC address/IP address mappings, but there is nothing in it that will enforce "no new mac's"..
The URT is the tool of choice if you're doing this company-wide across a WAN..
If you've got systems that don't happen to be on at the time you run the baseline, they won't show up.
Set your port security to only allow one mac address, set it for 'sticky'. Any port that shows as down at the time you run the baseline, go in and disable them until/unless someone provides you the MAC. Very manual process without the autmoated URT tool or something like it..
0
 
LVL 10

Expert Comment

by:winzig
ID: 12262652
there is better sollutiuon than MAC filtering, you can deploy 802.1x and each before any pc will be connected to your network have to be authenticated(using the smard card, domain credentials, certificate ....)
0
 
LVL 1

Author Comment

by:dommurray
ID: 12265940
Will 802.1x stop a machine getting an IP address from DHCP and therefore spreading whatever infection it may have over my IP network? I am wondering about any worms/viruses etc that can spread in those circumstances?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12266176
The Vernier solution is pretty neat -

http://www.verniernetworks.com/products/

0
 
LVL 3

Expert Comment

by:happythedog
ID: 12270759
could go static assignment of ips and mac address sticky , pain in the *** but effective  , i am inclined to agree with you lrmoore
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question