05-04-2007 10:28 PM - edited 03-05-2019 03:53 PM
Hello. Does a Cisco switch have a feature to prevent IP conflicts on the LAN? At my office an IP is usually grabbed by an unintended user.
05-05-2007 03:23 AM
Hi,
This is a relatively large migration process, but Cisco Network Admission Control (NAC) is an industry-wide collaboration led by Cisco, which focuses on limiting the damage of security threats, and it would also prevent your IP conflict issues.
Using NAC and Cisco Catalyst switches, administrators can restrict network access to only compliant and trusted endpoint devices (such as PCs, servers, and personal digital assistants [PDAs]). NAC enables Cisco switches to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and OS patch level. NAC allows administrators to manage noncompliant devices in several ways: they can be denied access, placed in a quarantined area, or given restricted access to computing resources.
NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's ability to automatically identify, prevent, and adapt to security threats.
The switches demand host credentials from the Cisco Trust Agent and relay this information to policy servers where NAC decisions are made. Based on customer-defined policy, the network enforces the appropriate admission control decision: permit, deny, quarantine, or restrict. These ACLs are configured automatically in the edge switches based on the policy returned to the switch. If clients do not authenticate correctly, they can be placed in the "quarantine VLAN" so that they can update their virus-checking software or client-based security agents. It is possible that, based on 802.1x authentication, the port is enabled, only to be restricted or denied because a device is not considered "safe."
Regards,
Bjornarsb
05-06-2007 10:04 PM
Hi. Is NAC hardware based? Where is it located? And how do NAC, the switch and the policy work? Is the policy server actually ACS? Thanks.
05-07-2007 04:41 AM
Hi,
Please have a look at this at-a-glance doc:
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c643/cdccont_0900aecd800fdd58.pdf
Hope this is clarifying!
Regards,
Bjornarsb
05-08-2007 02:32 AM
Just check that Cisco NAC works with Cisco switches only. But Juniper UAC works with other vendors' switches also.
The best low-cost solution will be to enable DHCP on your network.
05-08-2007 02:58 AM
Hi,
Enabling DHCP cannot prevent unintended users from manually configuring an IP on their PCs?
Regards,
Bjornarsb
05-08-2007 03:02 AM
Hi,
I guess that you at least should enable IEEE 802.1x authentication?
Regards,
Bjornarsb