Cisco Support Community
New Member

Switch Port Security question

Hello

I have a small question. Is there any way to secure switch ports apart from the MAC address option?

Any advice will be most welcome.

Regards

Kaushik

6 REPLIES
New Member

Switch Port Security question

There are a few options that you can use. I think to better answer your question though I would like to know what you would like to do.

I know you can have the port dynamically learn the MAC address or you can set it to limit the number of MAC addresses that can be active on the port at one time.

Nonetheless, because switches operate at "layer 2" they do most of their work based on MAC addresses.

Here is a nice little article on it.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/port_sec.html

Purple

Switch Port Security question

Hi,

Could you explain further?

Regards.

Alain.

Don't forget to rate helpful posts.

New Member

Switch Port Security question

Thanks for the replies. Actually, we have a remote router and we understand that the personnel there are plugging in rogue devices like unauthorized WAPs to extend the LAN. I understand that I can use MAC addresses to limit the devices and specify the devices, but I wanted to know whether there are any other options to implement security apart from the MAC address filtering.

Switch Port Security question

Central RADIUS server.

MAC filtering is just introducing a lot of overhead (administration), and the moment somebody simulates the MAC address your filter stops being useful. For WAP add the 802.1x authentication mac and you should be fine.

Take Care

Alessio

New Member

Switch Port Security question

Thanks Alessio, but the 802.1x authentication MAC should only hold true for Cisco WAP, right?

Regards

Kaushik

Switch Port Security question

Yes,

it was my understanding you had some potential rogue WAP in your network... The two solutions combined should give you a good solution for your user data traffic. I possibly think that your concerns should also be in other points of your network, like guest VLAN on WAP devices (private VLAN), trunk protection, and others.

Alessio
