09-30-2010 05:56 PM - edited 03-06-2019 01:16 PM
I have about 185 or so 3750s all running 12.2(50) IOS. I was hoping someone here could help. We are very big on Layer 2 security and are in the process of implementing 802.1x. We have been disabling ports manually and putting them in a dead VLAN whenever a port shows not connected. Is there any way to have the switch do that automatically, or can CiscoWorks LMS 3.2 do this? All help is greatly appreciated.
09-30-2010 07:50 PM
Why do you prefer a dead vlan to just shutting the port? If you implement 802.1x, there is the concept of a guest vlan where unauthenticated clients are connected to an alternate vlan if they do not authenticate with a certificate.
10-01-2010 01:16 AM
I guess he means the situation when no client is connected to the port. Your situation describes when a client is using dot1x but is not authorized. Anyway, I guess it will be the easiest thing if you set the switchport access vlan to an unused VLAN, and if you disable the VLAN on the trunks, your clients won't have any connection there. Another thing to use is the Embedded Event Manager, but you have to update to 12.3 or 12.4 for this. But there you can configure the port dynamically with whatever you want if the port goes up or down. There are some breakouts from Cisco Live where you can find information about it.
10-01-2010 03:26 AM
Jason,
Your internal security policies may mandate that an unused port must be protected by several layers to disallow access to the network. I routinely recommend doing this:
I admit it is repetitive and largely redundant, but significantly more foolproof at the same time.
Best regards,
Peter
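As an added illustration (not from any of the posters) of the two approaches discussed in this thread, the layered static hardening of unused ports and the EEM-based automation on link-down: the dead VLAN 999, the applet name and the port ranges are assumptions, and the EEM applet assumes an IOS image whose EEM supports the syslog event detector and the regexp action.

```cisco
! --- Layer 1: a dead VLAN that exists but is carried nowhere ---
vlan 999
 name DEAD-UNUSED
!
! --- Layer 2: static hardening of ports known to be unused (assumed range) ---
interface range GigabitEthernet1/0/10 - 12
 description UNUSED - quarantined
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! --- Layer 3: prune the dead VLAN from every trunk (assumed uplink) ---
interface GigabitEthernet1/0/49
 switchport trunk allowed vlan remove 999
!
! --- Automation: move an access port into the dead VLAN and shut it when it goes down ---
! The syslog pattern only matches access ports 1-48, so uplink ports are never touched.
event manager applet QUARANTINE-UNUSED-PORT
 event syslog pattern "LINK-3-UPDOWN: Interface GigabitEthernet1/0/([1-9]|[1-3][0-9]|4[0-8]), changed state to down"
 action 1.0 regexp "Interface (GigabitEthernet1/0/[0-9]+)," "$_syslog_msg" match ifname
 action 2.0 if $_regexp_result eq 1
 action 2.1  syslog msg "Quarantining $ifname into dead VLAN 999"
 action 3.0  cli command "enable"
 action 3.1  cli command "configure terminal"
 action 3.2  cli command "interface $ifname"
 action 3.3  cli command "switchport access vlan 999"
 action 3.4  cli command "shutdown"
 action 3.5  cli command "end"
 action 4.0 end
```

The applet fires on every link-down of a matching port, including a user simply rebooting or unplugging, so it only works alongside a documented process for restoring a port (or a whitelist of ports excluded from the pattern).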