Security topic on catalyst switch family

freddy.romero · ‎10-18-2002

I have a suggestion about a security topic on access switches. In our company we have Telecommunications Closet with Cisco Catalyst 2900 working as access switches, we have security problems in order to control access to our network by persons that visit the building. Cisco doesn’t have a security system that associate permission on a switch’s port with DHCP’s database. It could permit us manage a unique database on DHCP server with polices apply on port switch that only the MAC declared into DHCP server could have access to the network through port switches. This service have to be dynamic, independent to any port that user connects it on the network, actually the security polices only could be associated to port switch in static way.

If somebody know about a similar service, please let me know it.

jekrauss · ‎10-18-2002

Two options that address, in different ways, the issues that you've mentioned are:

1) EAP (Extensible Authentication Protocol) - available in windows XP, and windows 2000, sp3

dynamic VLAN assignment is only available through eap for certain switch platforms and versions at this point, but will continue to expand, quickly making this one of the best options.

Learn more about it here:

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/deacs_wp.htm

2) Cisco's URT - User Registration Tool

It's pretty kool - check out documention here:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/fam_prod/user_reg/2_5/user/index.htm

HTH

Jeff