Port Security LAN

We currently use port-security on the LAN with a separate VLAN for Voice and Data. We want to protect against a person inside the LAN disconnecting a PC, then plugging in a laptop or WAP and getting an IP via DHCP. I am looking for solutions and ideas, best practices, etc. What options are there besides using 802.1x?
Asked by: markra4508

jerbear1337 Commented:
enzogoy:
You can set that port security to the MAC address of the Ethernet interface of that desktop.  It will stop that port from connecting to anything else.

Please note authentication via MAC address is not secure.  Anyone could easily spoof the MAC address of an authenticated machine to gain valid network addresses.
0
 
enzogoy Commented:
You can set that port security to the MAC address of the Ethernet interface of that desktop.  It will stop that port from connecting to anything else.

Problem:  When you replace the desktop, you have to remember to change the MAC address in the switch config too.
0
 
markra4508 (Author) Commented:
Thanks for the response.

Will look into this option.
0
 
kloux Commented:
You want something like this. Use the sticky command so you don't have to enter all the MAC addresses manually and limit the number to 2. One MAC for the PC and one for the phone if they are using the same port on the switch.


Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet 3/12
Port Security              :Enabled
Port Status                :Secure-up
Violation Mode             :Shutdown
Aging Time                 :0
Aging Type                 :Absolute
SecureStatic Address Aging :Enabled
Maximum MAC Addresses      :5
Total MAC Addresses        :0
Configured MAC Addresses   :0
Sticky MAC Addresses       :11
Last Source Address        :0000.0000.0401
Security Violation Count   :0
0
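An added example, not part of the answer above or of any Cisco tooling: a Python check that parses "show port-security interface" output and flags a port whose limits do not match the advice given (two MACs, one for the PC and one for the phone). The function names and the max_allowed default are assumptions; the sample text is the output copied from the answer.

```python
import re

# Output copied from the answer above (interface fastethernet 3/12).
PAGE_SAMPLE = """\
Port Security              :Enabled
Port Status                :Secure-up
Violation Mode             :Shutdown
Aging Time                 :0
Aging Type                 :Absolute
SecureStatic Address Aging :Enabled
Maximum MAC Addresses      :5
Total MAC Addresses        :0
Configured MAC Addresses   :0
Sticky MAC Addresses       :11
Last Source Address        :0000.0000.0401
Security Violation Count   :0
"""

def parse_port_security(text):
    """Turn 'Key   :Value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def _count(fields, key):
    """Leading integer of a field, or None when missing or non-numeric."""
    m = re.match(r"\d+", fields.get(key, ""))
    return int(m.group()) if m else None

def audit(text, max_allowed=2):
    """Return findings for one port; max_allowed=2 is one PC plus one phone."""
    f = parse_port_security(text)
    if f.get("Port Security", "").lower() != "enabled":
        return ["port security is not enabled"]
    findings = []
    maximum = _count(f, "Maximum MAC Addresses")
    sticky = _count(f, "Sticky MAC Addresses")
    violations = _count(f, "Security Violation Count")
    if maximum is None:
        findings.append("maximum not reported")
    elif maximum > max_allowed:
        findings.append(f"maximum {maximum} exceeds allowed {max_allowed}")
    if None not in (maximum, sticky) and sticky > maximum:
        findings.append(f"sticky count {sticky} exceeds maximum {maximum}")
    if violations:
        findings.append(f"{violations} security violation(s) recorded")
    return findings
```

Run against the posted output, audit(PAGE_SAMPLE) reports both the maximum of 5 against the intended 2 and the sticky count of 11 above that maximum.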
Question has a verified solution.