Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
0
Helpful
3
Replies

security on comcast connection

JMCNEL
Level 4
Level 4

‎09-01-2010 07:25 AM - edited ‎03-11-2019 11:33 AM

We have a star topology using eigrp and vrf's. We recently added a new site to our network. However what makes this site different from the rest of our sites is that its making use of another companies facilities and comcast connection The spare comcast connection terminate at all their buildings as well as our building. Its only a handful of users. The few users will use this comcast connection to access resources on our network off the 6509. please see diagram. They have connectivity but as of now no security on this connection. If someone from that company would plug computers in on that connection at any building where it terminates and use the same line those users are using they would gain access to our resources and network. What would you recommend for us to do to secure the connection and users. any suggestions would be great.

users ==> our switch ===> other company panel ===> comcast 311 box ===> cloud ====> comcast 311 box === 6509 === network resources

we do have a asa 5520 that protect our network and have rules in place for the other company. they have access to certain resources.

Labels:
0 Helpful
3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

‎09-01-2010 03:13 PM

What you need is NAC. NAC can allows and authenticate hosts and give them network access only if they have predefined criteria (MACs, Service PACKs, OSes, Antivirus).

You could also hardcode the MACs that you expect to be plugged in on the switch and enable port security, so other computers plugged in will not be allowed and the port will go error disabled.

I hope it helps,

PK

PS: The AAA forum can also help with suggestions on this.

0 Helpful

JMCNEL
Level 4
Level 4
In response to Panos Kampanakis

‎09-02-2010 05:02 AM

Actually the few users is the only folks that will have access to our switch. Im not concern about the switch I am concern about the

connection on the comcast box. Say connection 1 that terminate in the building where the users are also terminate in several other buildings which my building is one of them. If anyone from the other company plugs something into the comcast connection 1 they will gain access to our resources. How will NAC work on the comcast box?

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to JMCNEL

‎09-02-2010 09:54 AM

So, is the question that you want to apply access control on the  comcast device?

I am not sure how you would do that or what the device supports. Is it a Cisco device? What does it do exactly? Id it your ISP gateway? The 6509 could provide access control also. If comcast is your gateway, maybe ACLs on it will allow access to what you want.

I hope it helps,

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card