Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Need to solve problems with no trusted users who get connection to LAN

Unanswered Question
Apr 20th, 2004
User Badges:

Because in my Network users are moved or relocated very often, most of the times without any advise, I most solve the problem I have with LAN ports in enable state not connected for a day or two, leaving a security hole.

I read something related to 802.1X to implement authentication via a radius server before giving connectivity to users, but first of all, my users are W2000 and I have a mixed platform of 6500 and 6000s catalyst switches running CATOS or IOS. IOS are catalyst 6500 with IOS version IOS (tm) c6sup2_rp Software (c6sup2_rp-PSV-M), Version 12.1(8a)E3, EARLY DEPLOYM

ENT RELEASE SOFTWARE (fc1). CATOS are 6500 or 6000s running CATOS version WS-C6009 Software, Version NmpSW: 6.1(3a)

Copyright (c) 1995-2002 by Cisco Systems

NMP S/W compiled on Feb 10 2002, 22:57:00

System Bootstrap Version: 5.2(1) and in the router module have Cisco Internetwork Operating System Software

IOS (tm) C6MSM Software (C6MSM-IN-M), Version 12.0(4a)WX5(11), RELEASE SOFTWARE.

Is it possible to implement a control with hardware and software according to the platform I have, or do you know any other solution to implement besides security port feature?, I mean, an easier feature to implement than port security.

Thanks for any advise.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owillins Mon, 04/26/2004 - 09:50
User Badges:
  • Silver, 250 points or more

You can use the switchport port-security command to control port access based on MAC addresses. Using port security, the interface dynamically learns MAC addresses or they can be statically configured too. You can also use AAA to authenticate users against locally configured username/passwords or databases such as tacacs+ or radius. Here is the documentation link on the same.


sguerrero Mon, 04/26/2004 - 13:35
User Badges:

Thanks for your question, just wanted to be sure there if there was something else besides port security or 802.1x, seems 802.1x is the best choice, but the only issue I have now is if my hardware supports to be upgraded to the IOS or CATOS that support this 802.1Xfeature.


This Discussion