We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Basic Network Security - locking down ports

Medium Priority
299 Views
Last Modified: 2012-05-11
I was just pulled into a team to provide a solution for a large government entity.  I know some basic network stuff, but I need a good solution quickly.

Here's what we're trying to accomplish:

Lock down all the network ports in the building.  As of now, anyone can plug in their personal laptop and access all parts of the network.  We'd like to possibly us LDAP or MAC addresses from the laptops owned by the client the only access.  Personal laptops should have access, but only basic internet if possible.

The building runs all of the ports off of a Cisco Catalyst 6500e switch.  This is also a Windows Server environment. What are my options and the commands (unfamiliar with Cisco commands) to make this happen.

Comment
Watch Question

greg wardSenior Systems Engineer
CERTIFIED EXPERT

Commented:
This is how to use mac addressess to secure your network.
http://www.techrepublic.com/blog/security/lock-down-cisco-switch-port-security/320
sorry but most of it is worth reading.
Greg

Author

Commented:
What about using LDAP or DHCP?  I'm just suggesting, I don't know how to actually do it properly.
Paolo SantiangeliConsulente Informatico
CERTIFIED EXPERT

Commented:
hi,
maybe 802.1x?

have a look here:
http://it.mmjp.net/?p=368

Author

Commented:
Thanks, guys... We're looking at a quick fix using DHCP MAC filtering.  Here's hoping.
Paolo SantiangeliConsulente Informatico
CERTIFIED EXPERT

Commented:
you have to pay attention: mac address can be discovered and spofed.

Author

Commented:
We need the most basic level at this point.  We can get more advanced later.  We're looking at a quick solution to put out a few fires immediately.
Consulente Informatico
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
That's exactly what we're looking at trying.  THANKS!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.