Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Vlan security development

I wanted to get opinions on an idea I had for port security. Port security is great, but when rolling out large projects it can be a tedious job entering in all those MAC addresses.

Can Cisco look into the possibility of creating a new feature called 'VLAN/PORT Security groups'. Within the groups admins could list chuncks of MAC addresses that are allowed/disallowed on a particular vlan.

It would have the same violation rule set as port-security.

Configuration under interface would look similar to this:

port-security address group 1

2 REPLIES
Hall of Fame Super Gold

Re: Vlan security development

Network Admission Control

Re: Vlan security development

Check out 802.1x Port Authentication. You use back end RADIUS servers for port authentication (end users) and you can setup static MACs for stuff like servers and printers. No need for MAC address configuration on the switches, but you will need certs and RADIUS servers and maybe a supplicant on the host. The nice thing is, you can move PC's anywhere in the company and they will work! Put a vendor PC on the network and it gets thrown into a dmz where they only get internet access.

1539
Views
0
Helpful
2
Replies
CreatePlease to create content