Security for the L2 ports of 4506 Catalyst

Unanswered Question
May 19th, 2008


I have around 4000 users in a building. They were configured for their project subnet, and we have a guest network for the external users who come to visit their project people. We have to put them in a guest subnet where their access is restricted. But many of my users call up their guests and make them sit along with them, and our employee gives up his port to the guest, where he would also be on the project network, and the guest would have every possibility to see our employees' project details coupled with our company resources...

I want to have a remedy for this.

I tried configuring the MAC-based port restrictions. But we have a lot of PCs moving internally, so our intervention in configuring the ports also increases day by day...

What I would like to have is...

I must have all the MAC addresses of our company network. When a MAC address apart from these is received, it should be blocked, so that the guest laptop plugged into the employee's port gets blocked, whereas any of the prescribed laptops' MAC addresses must not get blocked on that port...

Is there anything for this?

Please reply.



pcomeaux Mon, 05/19/2008 - 17:50

Hi -

Have you considered the NAC Appliance as a solution for this scenario?



blrnetwork Tue, 05/20/2008 - 01:23

No. Can I know what the thing to do with the NAC Appliance is? Is it like ACS or some other thing? If so, can you please redirect me or say where I could find the documents? Please...



pcomeaux Tue, 05/20/2008 - 04:40

Hi Gokulakrishnan -

There's a wealth of information available in the Chalk Talk series to help you understand the NAC Appliance - much more than I could possibly describe here.

Please look for that content here:



blrnetwork Wed, 05/21/2008 - 02:46

Hi Peter,

I think CAS is a NAC appliance. But is it software installed on a server, or is it hardware like a firewall?

Is there any trial version to download?



pcomeaux Fri, 05/23/2008 - 10:02

Hi Gokulakrishnan -

Yes - the NAC Appliance is a hw/sw solution for you.

There are a few components:

- the NAC Manager - this is where the policy is defined (also called CAM)

- the NAC Server - this enforces the policy and is placed nearest the user (also called CAS)

- the NAC Agent - this installs on the computers to provide posture information

Eval Units are available through your account team.

Please let me know if you have additional questions.



blrnetwork Sun, 05/25/2008 - 22:22

Hi. So I think we have to get a new device from Cisco? If so, can I know what the price of it is?



