centralized MAC control access

Feb 17th, 2010

I have a LAN with several Cisco 3750 and 2950/60 Catalyst switches.

I would like to deploy a centralized solution to control access to the LAN. I am thinking of having a centralized MAC address list of permitted hosts; any switch could check if a host is in the list in order to allow it to access the LAN. Is this possible with these switches? I would like to avoid manually deploying individual configurations to the switches; it should be a centralized solution.

And it would be better without any authentication, so it's transparent to users like switchport port-security is.

Thanks
Ganesh Hariharan Thu, 02/18/2010 - 03:17

Hi,

There are mainly two types of VLANs used by campus area networks: port-based VLANs and MAC-based VLANs. The characteristics of MAC-based VLANs are illuminated, and this type of VLAN is the best choice in a small-range network because MAC-based VLANs can provide secure and convenient application.

The configuration of the VMPS server and VMPS client is implemented in detail, including creating the VMPS database, configuring the VMPS server and configuring dynamic ports on VMPS clients.

Check out the link below for more information. Hope that helps!

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/vmps.html

If helpful, do rate the post.

Ganesh.H

arianto.wibowo Thu, 02/18/2010 - 19:03

Hi,

Thanks for your response.

But are there any other possibilities?

If it is implemented in a large network (>500 devices), the VMPS server will be fully written by MAC only.

I have tried using ACS and a dot1x scheme; it works but needs authentication every time a user plugs in to the network.

Any other option?

Thanks

Ganesh Hariharan Mon, 02/22/2010 - 00:26

Hi,

Yes, you are right. ACS with 802.1x is the powerful layer 2 authentication protocol, which always works when you connect a cable to an Ethernet port or the port goes into an up/down state, and it is the best way for security state, and I don't think there is any other option apart from VMPS.

HTH

Ganesh.H
