Solved

Port Security LAN

Posted on 2011-03-23
Last Modified: 2012-06-27
We currently use port-security on the LAN with a separate VLAN for Voice and Data. We want to protect against a person inside the LAN disconnecting a PC, then plugging in a laptop or WAP and getting an IP via DHCP. I am looking for solutions and ideas, best practices, etc. What options are there besides using 802.1x?
0
Question by:markra4508
4 Comments
 
LVL 7

Assisted Solution

by:enzogoy
enzogoy earned 332 total points
ID: 35203911
You can set that port security to the MAC address of the Ethernet adapter of that desktop. It will stop that port from connecting to anything else.

Problem: When you replace the desktop, you have to remember to change the MAC address in the switch config too.
0
 

Author Comment

by:markra4508
ID: 35204009
Thanks for the response,

Will look into this option.
0
 
LVL 4

Assisted Solution

by:kloux
kloux earned 332 total points
ID: 35204149
You want something like this. Use the sticky command so you don't have to enter all the MAC addresses manually, and limit the number to 2: one MAC for the PC and one for the phone if they are using the same port on the switch.


Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet 3/12
Port Security              :Enabled
Port Status                :Secure-up
Violation Mode             :Shutdown
Aging Time                 :0
Aging Type                 :Absolute
SecureStatic Address Aging :Enabled
Maximum MAC Addresses      :5
Total MAC Addresses        :0
Configured MAC Addresses   :0
Sticky MAC Addresses       :11
Last Source Address        :0000.0000.0401
Security Violation Count   :0
0
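An added example, not part of the answer above or of any Cisco tooling: a Python check that parses `show port-security interface` output in the layout quoted above and flags a port whose maximum exceeds the intended limit, whose address counters are inconsistent, or that has recorded violations. The function names, the constructed sample, and the `policy_max=2` default (one PC plus one phone) are assumptions of this example.

```python
import re

# Constructed sample in the 'Field :value' layout of the
# `show port-security interface` output quoted above.
SAMPLE = """\
Port Security              :Enabled
Port Status                :Secure-up
Violation Mode             :Restrict
Maximum MAC Addresses      :5
Total MAC Addresses        :2
Sticky MAC Addresses       :2
Last Source Address        :0000.0000.0401
Security Violation Count   :3
"""

def parse_port_security(text):
    """Turn 'Field name   :value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(fields, policy_max=2):
    """Return findings for one port. policy_max=2 (PC + phone) is an assumption."""
    if fields.get("Port Security") != "Enabled":
        return ["port security is not enabled"]
    findings = []
    maximum = int(fields.get("Maximum MAC Addresses", 0))
    learned = max(int(fields.get("Total MAC Addresses", 0)),
                  int(fields.get("Sticky MAC Addresses", 0)))
    if maximum > policy_max:
        findings.append(f"maximum {maximum} exceeds policy limit {policy_max}")
    if learned > maximum:
        findings.append(f"{learned} learned addresses exceed maximum {maximum}")
    if fields.get("Violation Mode") == "Protect":
        findings.append("Protect mode drops violating frames silently")
    violations = int(fields.get("Security Violation Count", 0))
    if violations:
        src = fields.get("Last Source Address", "unknown")
        findings.append(f"{violations} violations, last source {src}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print("FINDING:", finding)
```

Run against the values in the output quoted above (maximum 5, sticky 11), the same check reports both the limit above 2 and the sticky count above the maximum.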
 
LVL 3

Accepted Solution

by:jerbear1337
jerbear1337 earned 336 total points
ID: 35204703
enzogoy:
You can set that port security to the MAC address of the Ethernet adapter of that desktop. It will stop that port from connecting to anything else.

Please note authentication via MAC address is not secure. Anyone could easily spoof the MAC address of an authenticated machine to gain valid network addresses.
0
