Jacob Glassman
asked on
Controlling Network Access to Company Owned Devices
I'm currently looking for a system that has the ability to validate whether a device is 'company owned' based on a MAC address. If the MAC address is not a company owned device, network services would be denied to the device.
In our network, we use Cisco ASA devices. From what I can tell, this is not a feature that could be implemented in the ASA itself; however, I was wondering if there was a way to implement this somehow in the ASA?
My questions are these:
1. Is there an off-the-shelf solution for this? and
2. Is there any way to implement this type of control in an ASA?
Check out Infoblox, which allows devices on the network based on MAC: https://www.infoblox.com/
ASKER
Are there any solutions that are free or open source?
Take a look at TeemIp - IP Address Management solution https://sourceforge.net/projects/teemip/
As a point of contention, InfoBlox will deny the issuance of an IP to an unknown host, but if that same host is internal to your perimeter and able to physically connect, it won't do much for an attacker that configures their IP manually.
If so, no, there is no native capability like this on the ASA.
On the upside, you can use NAC to manage this. The Cisco-centric solution is ISE. There are numerous others on the market though.
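The gap raised in the thread (filtering at address assignment does not cover a host that sets its IP by hand) can be audited by comparing what is seen on the segment with the MAC inventory and the lease table. This is an added example, not code from any poster or from Infoblox, TeemIp or Cisco; the function names, input shapes and sample data are constructed assumptions.

```python
import re

def norm_mac(mac):
    """Normalize aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(arp_entries, company_macs, dhcp_leases):
    """Classify every (ip, mac) pair observed on the segment.

    arp_entries  : (ip, mac) pairs exported from a switch or gateway ARP table
    company_macs : inventory of company-owned MAC addresses
    dhcp_leases  : dict of ip -> mac handed out by the DHCP/IPAM server
    """
    owned = {norm_mac(m) for m in company_macs}
    leases = {ip: norm_mac(m) for ip, m in dhcp_leases.items()}
    findings = []
    for ip, mac in arp_entries:
        mac = norm_mac(mac)
        leased = leases.get(ip) == mac
        if mac in owned:
            status = "ok" if leased else "owned-static-ip"
        else:
            # An unknown MAC holding a lease means the DHCP filter is not
            # enforcing; without a lease the address was set by hand.
            status = "unknown-with-lease" if leased else "unknown-static-ip"
        findings.append((ip, mac, status))
    return findings

# Constructed sample data (hypothetical hosts, locally administered MACs).
SAMPLE_ARP = [
    ("10.0.0.10", "02:00:00:aa:00:01"),
    ("10.0.0.11", "0200.00aa.0002"),      # Cisco dotted notation
    ("10.0.0.50", "02-00-00-BB-00-09"),
]
SAMPLE_COMPANY = ["02:00:00:AA:00:01", "02:00:00:AA:00:02"]
SAMPLE_LEASES = {"10.0.0.10": "02:00:00:aa:00:01"}

if __name__ == "__main__":
    for ip, mac, status in audit(SAMPLE_ARP, SAMPLE_COMPANY, SAMPLE_LEASES):
        print(f"{ip:<12} {mac}  {status}")
```

A report like this only detects the condition; denying service to the flagged hosts still needs enforcement at the access layer, which is the role the thread assigns to NAC.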