
L2 Access control to protect from un-authorised access to the LAN

Hi,

I have a site where I need to control L2 access to the LAN. What options are available? Can you give me some pointers, please?

The site is remote, with MPLS to the site; max 15 permanent and 10 company visitors need access to the LAN. Already live.

The problem I have: sometimes external visitors (High Level Managers) visit this site, plug in their PCs, and get an IP address. I want to stop this and police it, either by using MAC authentication or some other method, RADIUS etc. What options do I have? I have no Wireless and have no plan to put a Wireless LAN on this site. Can I do any kind of authentication before a user gets an IP from DHCP? Your help will be much appreciated!!


Re: L2 Access control to protect from un-authorised access to th

Port authentication combined with 802.1x authentication would be a strong solution:

http://www.cisco.com/en/US/customer/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080212685.html

You didn't mention the model of switch you are using. That doc is for a 3750. It should work for most Catalyst IOS switches.

HTH

Re: L2 Access control to protect from un-authorised access to th

I have a Cisco 2950 on-site. Would you recommend a 3750, or can I stay with the 2950?


Re: L2 Access control to protect from un-authorised access to th

You could also simply use MAC-address-based port-security so that the port would shut down if a foreign PC is plugged into your network.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d6a38.html#xtocid7
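
A port-security configuration of the kind suggested in the reply above, as an added example that is not part of the original thread. The interface range and the recovery interval are assumptions; the commands are standard Catalyst IOS port-security commands.

```cisco
! Added example, not from the thread.
! Assumption: user-facing access ports are FastEthernet0/1 - 24.
interface range FastEthernet0/1 - 24
 ! Port security applies to static access ports, not trunks
 switchport mode access
 switchport port-security
 ! Allow a single MAC address per port
 switchport port-security maximum 1
 ! Learn the first MAC seen and write it into the running config
 switchport port-security mac-address sticky
 ! Err-disable the port when any other MAC address appears
 switchport port-security violation shutdown
!
! Optional (assumed interval): recover err-disabled ports after 300 seconds
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification from exec mode:
!   show port-security
!   show port-security address
!   show port-security interface FastEthernet0/1
```

With sticky learning the switch records the first MAC address seen on each port, so addresses do not have to be entered by hand; save the running configuration to keep them across a reload.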

Re: L2 Access control to protect from un-authorised access to th

Hi,

I had a look at this option, but for me it requires too much administration and may not be a good option for a remote site.

Any other ideas, please!

thanks
