asa 5505 port security

Unanswered Question
Aug 18th, 2009

Hello,

I am trying to configure my asa 5505 to only allow company PC's connected to my internal LAN and keep other from unplugging ports from their PC's and connecting say a laptop. I was thinking about trying to put some type of port security on the MAC address, but need help doing so. Does anyone know how to secure the ports to specific MAC addresses? Thanks for all your help!

Chris

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 08/18/2009 - 22:42

Hello Chris,

port security is a LAN switch stuff unless your users are so few that they connect directy to the ASA you need to configure the lan switch.

see for example the following for C3750

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtrafc.html

or

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtrafc.html

other features can be available including 802.1X authentication or ARP inspection with ip source guard but are more complex.

Hope to help

Giuseppe

maximtory Wed, 08/19/2009 - 00:55

Thanks for the response, yes this is actually a small branch office which is part of the reason for the added security. Is there anything we can do to keep users from connnecting their personal devices and using the same static ip's we have set to the pc's? Thanks.

maximtory Mon, 08/24/2009 - 12:52

Does any one have a solution to this situation? Your help would be most appreciated.

Actions

This Discussion