Solved

Basic Network Security - locking down ports

Posted on 2011-04-29
Last Modified: 2012-05-11
I was just pulled into a team to provide a solution for a large government entity.  I know some basic network stuff, but I need a good solution quickly.

Here's what we're trying to accomplish:

Lock down all the network ports in the building.  As of now, anyone can plug in their personal laptop and access all parts of the network.  We'd like to possibly use LDAP or MAC addresses from the laptops owned by the client as the only access.  Personal laptops should have access, but only basic internet if possible.

The building runs all of the ports off of a Cisco Catalyst 6500e switch.  This is also a Windows Server environment. What are my options and the commands (unfamiliar with Cisco commands) to make this happen?

0
Question by:liquid101
8 Comments
 
LVL 15

Expert Comment

by:greg ward
ID: 35493108
This is how to use MAC addresses to secure your network.
http://www.techrepublic.com/blog/security/lock-down-cisco-switch-port-security/320
Sorry, but most of it is worth reading.
Greg
0
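
As an added example (not part of the thread and not taken from the linked article), this is a basic per-port MAC lock-down using Cisco port security. It assumes the Catalyst 6500 runs Cisco IOS rather than CatOS; the interface range and VLAN number are placeholders to replace with your own.

```cisco
! Added example. Assumptions: Cisco IOS (native mode) on the 6500;
! GigabitEthernet2/1 - 48 and VLAN 10 are placeholder values.
configure terminal
!
interface range GigabitEthernet2/1 - 48
 ! 6500 ports default to routed (Layer 3); make them Layer 2 first.
 switchport
 ! Port security needs a static access (or trunk) port, not dynamic mode.
 switchport mode access
 switchport access vlan 10
 ! Turn the feature on and allow a single MAC address per port.
 switchport port-security
 switchport port-security maximum 1
 ! Learn the first MAC seen on the port and store it in the running config,
 ! so the corporate laptop already plugged in becomes the allowed device.
 switchport port-security mac-address sticky
 ! restrict: drop frames from any other MAC, count the violation and log it,
 ! but leave the port up. The default (shutdown) err-disables the port.
 switchport port-security violation restrict
end
!
! Save, otherwise the sticky addresses are lost on reload.
copy running-config startup-config
!
! Verification: per-port status, violation counters and learned addresses.
show port-security
show port-security interface GigabitEthernet2/1
show port-security address
!
! Limitation: this checks only the source MAC address. It does not
! authenticate the device or the user, so a device presenting an allowed
! MAC is accepted. 802.1X is the control that authenticates at the port.
```

Watch the violation counters in `show port-security` after rollout: a port that keeps incrementing is either a moved workstation or an unapproved device, and both are worth a visit.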
 
LVL 1

Author Comment

by:liquid101
ID: 35493143
What about using LDAP or DHCP?  I'm just suggesting, I don't know how to actually do it properly.
0
 
LVL 11

Expert Comment

by:Paolo Santiangeli
ID: 35493194
Hi,
maybe 802.1X?

Have a look here:
http://it.mmjp.net/?p=368
0
 
LVL 1

Author Comment

by:liquid101
ID: 35493240
Thanks, guys... We're looking at a quick fix using DHCP MAC filtering.  Here's hoping.
0
 
LVL 11

Expert Comment

by:Paolo Santiangeli
ID: 35493273
You have to pay attention: MAC addresses can be discovered and spoofed.
0
 
LVL 1

Author Comment

by:liquid101
ID: 35493560
We need the most basic level at this point.  We can get more advanced later.  We're looking at a quick solution to put out a few fires immediately.
0
 
LVL 11

Accepted Solution

by:
Paolo Santiangeli earned 2000 total points
ID: 35493576
0
 
LVL 1

Author Comment

by:liquid101
ID: 35493649
That's exactly what we're looking at trying.  THANKS!
0


Question has a verified solution.
