liquid101
asked on
Basic Network Security - locking down ports
I was just pulled into a team to provide a solution for a large government entity. I know some basic network stuff, but I need a good solution quickly.
Here's what we're trying to accomplish:
Lock down all the network ports in the building. As of now, anyone can plug in their personal laptop and access all parts of the network. We'd like to possibly us LDAP or MAC addresses from the laptops owned by the client the only access. Personal laptops should have access, but only basic internet if possible.
The building runs all of the ports off of a Cisco Catalyst 6500e switch. This is also a Windows Server environment. What are my options and the commands (unfamiliar with Cisco commands) to make this happen.
Here's what we're trying to accomplish:
Lock down all the network ports in the building. As of now, anyone can plug in their personal laptop and access all parts of the network. We'd like to possibly us LDAP or MAC addresses from the laptops owned by the client the only access. Personal laptops should have access, but only basic internet if possible.
The building runs all of the ports off of a Cisco Catalyst 6500e switch. This is also a Windows Server environment. What are my options and the commands (unfamiliar with Cisco commands) to make this happen.
ASKER
What about using LDAP or DHCP? I'm just suggesting, I don't know how to actually do it properly.
ASKER
Thanks, guys... We're looking at a quick fix using DHCP MAC filtering. Here's hoping.
you have to pay attention: mac address can be discovered and spofed.
ASKER
We need the most basic level at this point. We can get more advanced later. We're looking at a quick solution to put out a few fires immediately.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That's exactly what we're looking at trying. THANKS!
http://www.techrepublic.com/blog/security/lock-down-cisco-switch-port-security/320
sorry but most of it is worth reading.
Greg