
Practical switchport management

sheldonj22
Level 1

I was wondering what policies other medium-large sized companies (3500 computers) actually use for port security. A recent security audit stated that we need to restrict access ports to 1 MAC to prevent people from unplugging a computer and plugging in their own device.

But given we have 1.3 guys to manage the entire Cisco based network, it seems it would be an administrative nightmare to restrict ports at that level. Is anyone else managing a network of our size or larger actually restricting ports on a MAC level and if so how much staff is supporting this?
 

2 Replies

Hi,

By the huge response you have got, I take it many people do not do it.

If you use Cisco ACS, you can use 802.1x to authenticate hosts by their MAC address. This does not lock down a particular port, but allows hosts registered on the ACS to connect to the network, so whoever is responsible for your device setup can register the devices on ACS.

 

mcwalter
Level 3

This may help, but it does not address the administrative limitation you have. Good luck!

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ewa/configuration/guide/conf/port_sec.html
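
Added example, not part of the thread or of Cisco's guide: one way to meet the audit's one-MAC-per-access-port requirement without entering addresses by hand is sticky MAC learning plus automatic err-disable recovery. The interface range, VLAN number and recovery interval are assumptions to adjust per site.

```cisco
! Added example. Interface range, VLAN 10 and the 300 s interval are assumptions.
!
! Bring a port back automatically after a port-security violation,
! so a tripped port does not need a manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
interface range GigabitEthernet2/1 - 48
 switchport mode access
 switchport access vlan 10
 ! Enable port security and allow a single source MAC on the port
 switchport port-security
 switchport port-security maximum 1
 ! Learn the first MAC seen and write it into the running config,
 ! instead of typing each address in by hand
 switchport port-security mac-address sticky
 ! Default action: err-disable the port when a second MAC appears
 switchport port-security violation shutdown
!
! Sticky entries live in the running config; save it so they survive a reload:
!   copy running-config startup-config
!
! Checks after rollout:
!   show port-security                 (per-port secure MAC and violation counts)
!   show port-security address         (learned sticky addresses)
!   show interfaces status err-disabled
```

A legitimate hardware swap still needs the old sticky entry cleared on that port (`clear port-security sticky interface <name>`), which is the remaining per-port administrative cost of this approach.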