LAN Security

Unanswered Question
Dec 22nd, 2007

In our LAN we have 300 node, as well as access point. I wants to put LAN security for unauthorize access. Which product is suitable for us, pls guide me.

We are using 2811 & five brances are connected through lease line.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
JORGE RODRIGUEZ Sat, 12/22/2007 - 22:40

Amit, I think that LAN security entails more of a practice than an actual product, but I don't want to go into deatils because there are many ways of implementing LAN security within your trusted network, this term is very a broad term. In some cases a product may be needed in the case of intrution prevention probes surveilance etc. throughout your network but I don't think this is what you are looking for please let me otherwise. What I am thinking you are looking is for ways of blocking of unauthorized access to your LAN by ways of unknown systems pluging into your switches , if this is correct here are few options that comes to mind.

1- You could implement port security 802.1x on your LAN switches.

2-Another option could be the use of dynamic VLAN assigments where you could have control of MAC addresses through vpms database.

3- For wireless access points unauthorized access, do not broadcast your SID network, frequently implement new WEP keys.

4- Securely lock your communication rooms and only have one or maybe two with authorized access to comm rooms in remote sites.



netview69 Sun, 12/23/2007 - 03:41

Yes VLAN is gd, can we use NAC device like NAC Appliance 3310 Server or NAC Network Module spare for 2800 ISR, NAC Network Module Release 4.1

JORGE RODRIGUEZ Sun, 12/23/2007 - 10:31

Upsolutely as long as you know what exactly NAC provides and that this is what you are considering please refere to this link that provides you with more details of NAC deployments and guidelines.

Supported platforms for NAC network module




This Discussion