11-14-2006 01:31 AM - edited 03-05-2019 12:47 PM
I am responsible for several LANs that include sharing WCs with other organisations, and therefore access to my 3750 switches in unlocked cabinets.
I have no port security enabled and the ports are not shut down.
I would like to know the security implications of having unused switchports available to anyone, e.g. with a laptop & DHCP configured?
What security measures can I configure?
Thanks in advance!
11-14-2006 01:41 AM
Hi Curtis
The best option would be disabling the ports using the shutdown command and securing the access to the switch.
Regards
11-14-2006 07:47 AM
Thanks
What about the ports in use - how do I defend against someone unpatching a port and using it - MAC address port assignment?
Thanks
11-14-2006 07:56 AM
Hi,
Your task sounds like you need to enable port security with sticky learning. The switch will learn the MAC address of the device attached to a port and add it to the config.
This can be configured with "switchport port-security mac-address sticky".
Have a look at, e.g., "Configuring Port Security".
Hope this helps! Please rate all posts.
Regards, Martin
11-14-2006 08:32 AM
Thanks, Martin
11-14-2006 01:58 AM
You may configure unused ports in a separate VLAN which has limited access to network resources. This can be achieved in a simple way by placing an access-list on the VLAN interface.
When your organization has more money, you may consider using a firewall for this.
Regards,
Leo
11-14-2006 07:45 AM
Thanks, Leo
Can you please explain further the use of a firewall in this case?
Thanks
11-14-2006 08:17 AM
In this case a firewall wouldn't be very effective. If a port were unpatched and a device like a WAP were connected to that port then the intruder is in your network.
I would administratively shut down the unused ports and then use mac-address security sticky on the active ports. If possible I would also consider a secure rack for your network equipment.
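An added example, not part of any poster's reply: a short Python check over a saved running-config that lists ports which are neither shut down nor protected by sticky port security, the two measures suggested in this thread. The config excerpt, the interface names and the `audit_ports` helper are constructed for illustration.

```python
import re

# Constructed running-config excerpt; interface names are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet1/0/2
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet1/0/3
 switchport mode access
!
interface FastEthernet1/0/4
 shutdown
!
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
!
"""

def audit_ports(config):
    """Map each exposed Ethernet port to a finding (hypothetical helper)."""
    findings = {}
    # Split the config into one block per "interface ..." stanza.
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [line.strip() for line in block.splitlines()]
        if not lines or not re.match(r"interface \w*Ethernet", lines[0]):
            continue  # skip preamble and non-physical interfaces such as Vlan1
        name = lines[0].split(None, 1)[1]
        if "shutdown" in lines:
            continue  # administratively down: nothing to plug into
        # The bare command turns the feature on; the sticky line alone does not.
        enabled = "switchport port-security" in lines
        sticky = "switchport port-security mac-address sticky" in lines
        if enabled and sticky:
            continue
        if sticky:
            findings[name] = "sticky configured but port security not enabled"
        elif enabled:
            findings[name] = "port security enabled without sticky learning"
        else:
            findings[name] = "open: not shut down, no port security"
    return findings

if __name__ == "__main__":
    for port, finding in sorted(audit_ports(SAMPLE_CONFIG).items()):
        print(f"{port}: {finding}")
```

On the sample, ports 1/0/2 and 1/0/3 are reported; 1/0/2 shows the common slip of entering the sticky command without the bare `switchport port-security` line that activates the feature.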
11-14-2006 12:43 PM
I would look into 802.1x port authentication.