Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

securing Network

Hi,

i want to secure my network, so that no body can connect his pc into my network .

So , what is the best way to implement this.i have a database of all the MAC adrress of PC's. Can we restrict PC's which are not in that database.

6 REPLIES

Re: securing Network

yes you can do that using port security where you can bind the mac-address to a particular port.

Also it is recommended to shut down all the unused ports

have a look at this link

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/port_sec.html

HTH

Narayan

Community Member

Re: securing Network

Hi,

Thanks for the reply.Actally i have 200 PC's and i want that only that's much PC's will be able to access my network.Can i have a central database of all mac-address , so that first switch will refer that database and then authenticate .

Community Member

Re: securing Network

try VMPS ,it is possible to have the switch dynamically choose a VLAN based on the MAC address of the device connected to a port.if the PC MAC address was not there in the databae it will not assine to any of VLAN ( you minght need to shutdown the native VLAN - 1 )

http://www.netcraftsmen.net/welcher/papers/switchvmps.html

Community Member

Re: securing Network

Hi,

Thanx for the response.

I have 2 3750 switches and 8 2960 switches .

How to implement VMPS on this . Do i need some windows server .

Please send some sample configuration .

Whether it is a good idea to implement VMPS.

Re: securing Network

You may also consider a RADIUS solution - hardware or software. As mentioned above, it's a good idea to make sure you shutdown unused ports. I even go so far as unpluging cables from the switches in all my closets.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
Hall of Fame Super Bronze

Re: securing Network

VMPS is a nice concept and it's often mentioned in many CCNA/CCNP publications. However, 802.1x is taking up and it's often the recommended approach for security at the access layer.

Take a look at this document:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/scg/sw8021x.htm

135
Views
0
Helpful
6
Replies
CreatePlease to create content