Global port security (NAC or MAC?)

andyirving
Level 1

I am looking for a solution where a user machine is authenticated before being allowed on the system. We have many users that move about the network and patch in wherever they can. I need to restrict access onto the network, but obviously standard port-security cannot be used due to the dynamic nature of our users. I have looked at 802.1x with our ACS and using the Cisco Trust Agent as the supplicant; would this work?

Another thought I had would be if the switchport could check a database of known MAC addresses before allowing access onto the network.

Has anybody any ideas how to implement this? I don't think we would need all the features of NAC, but maybe this is the only solution.

1 Reply

thomas.chen
Level 6

From my understanding, any workstation running 802.1x-compliant client software (for example, Windows XP) can be the supplicant.

You can also look into the option of using VMPS, where the users will be put on the same VLAN based on their MAC address to VLAN mapping on the VMPS database, irrespective of which ports they are connecting to. More info on VMPS is here:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swvlan.htm#wp1375288
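The MAC-to-VLAN lookup described in the reply above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of how a VMPS answers a request from a dynamic port, including what happens to a MAC address that is not in the database. The function names, the sample database and the VLAN names are constructed for illustration; the response names and the open/secure/fallback behaviour follow Cisco's VMPS documentation as I understand it.

```python
import re

# Constructed sample database: MAC address -> VLAN name.
# "--NONE--" is the keyword for a MAC address that is explicitly denied.
SAMPLE_DB = {
    "0011.2233.4455": "Engineering",
    "00:11:22:33:44:66": "Finance",
    "0011.2233.4477": "--NONE--",
}

def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return aabb.ccdd.eeff."""
    digits = re.sub(r"[.:-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def vmps_decide(mac, db, mode="open", fallback=None):
    """Return (response, vlan_name) for a request from a dynamic port.

    mode     -- "open" (deny the host) or "secure" (shut the port down)
    fallback -- VLAN name handed to unknown MACs, or None to refuse them
    """
    if mode not in ("open", "secure"):
        raise ValueError("mode must be 'open' or 'secure'")
    refused = "port-shutdown" if mode == "secure" else "access-denied"
    table = {normalize_mac(k): v for k, v in db.items()}
    vlan = table.get(normalize_mac(mac))
    if vlan == "--NONE--":
        return (refused, None)       # known MAC, explicitly denied
    if vlan is None:
        if fallback:
            return ("vlan-assignment", fallback)   # unknown MAC lands in fallback VLAN
        return (refused, None)       # unknown MAC, no fallback configured
    return ("vlan-assignment", vlan)

if __name__ == "__main__":
    for mac in ("00-11-22-33-44-55", "0011.2233.4477", "dead.beef.0001"):
        print(mac, vmps_decide(mac, SAMPLE_DB, mode="secure"))
```

With no fallback VLAN configured, a machine whose MAC address is not in the database gets no VLAN at all, which is the "known machines only" behaviour asked for in the question; configuring a fallback VLAN instead places unknown machines in that VLAN.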
