How to prevent outer pc to connect my company LAN network.


  • How to prevent outer pc to connect my company LAN network.

    Hi Everyone,

    I have a network in my company (around 100 PCs) and I want to prevent personal PCs or laptops (belonging to employees or visitors) from accessing the network via LAN.

    While I was searching I found a way, but I do not know how to implement it.
    My idea is:
    Get the MAC addresses from all PCs in the network and put them into the switch (but how to put 100 MAC addresses into a switch?). If an external PC or laptop connects to my company network, then he/she should not get access, and I should get an automatic update or alert that someone is using an outside device (not a company device).
    Please help me to solve this problem.
    How to implement this?

    Regards

  • #2
    Re: How to prevent outer pc to connect my company LAN network.

    Not Cisco related, but if you are running Server 2008R2 you can implement Network Access Protection and control LAN access via policies
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: How to prevent outer pc to connect my company LAN network.

      Originally posted by Ossian
      Not Cisco related, but if you are running Server 2008R2 you can implement Network Access Protection and control LAN access via policies
      Hi Ossian,
      We are using only Cisco products.



      • #4
        Re: How to prevent outer pc to connect my company LAN network.

        Basically, you need to run an audit of your current devices to get their MAC addresses (I won't tell you specifically how to do this, but there are multiple ways; sh mac springs to mind).

        Ensure you know what should be where.

        Then you want to use port-security. You can lock ports down to only accept connections from specific MAC addresses.

        The other option would be to use what Ossian suggested: use NAC/NAP to apply policies to your network, so that only machines in specific states can connect

        (or, I believe Cisco can also use 802.1x - network level authentication so the computer requires a certificate before it can connect).

        None of it is quick and simple, though.
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



        • #5
          Re: How to prevent outer pc to connect my company LAN network.

          Hi tehcamel,
          Thanks for the reply.
          "You can lock ports down to only accept connections from specific MAC addresses" (how?)
          This is my main question. I have a Cisco switch (24 ports).
          Regards
          Sandeep



          • #6
            Re: How to prevent outer pc to connect my company LAN network.

            here you go:

            http://www.google.co.uk/search?aq=f&...ty+mac+address
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



            • #7
              Re: How to prevent outer pc to connect my company LAN network.

              Don't know if I want to ask how 100 PCs and a 24 port switch go together.... Port Sharing by swapping LAN cables, possibly

              Also 100 PCs and no domain/servers sounds like a recipe for disaster
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **



              • #8
                Re: How to prevent outer pc to connect my company LAN network.

                Thanks.
                I have one more question in my mind:
                Can I get an automatic update/alert/alarm from the switch when an outer PC/laptop is connected to the switch? If yes, then how? Please.



                • #9
                  Re: How to prevent outer pc to connect my company LAN network.

                  Hi Ossian,
                  It's not only 1 switch. I was saying I am using a Cisco 24-port switch.



                  • #10
                    Re: How to prevent outer pc to connect my company LAN network.

                    Probably.
                    CiscoWorks, or Nagios maybe?
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



                    • #11
                      Re: How to prevent outer pc to connect my company LAN network.

                      Hi,
                      If we have more than 5000 employees, then we cannot lock down each and every unused port.
                      My scenario is like this:
                      (I have 5000 company laptops, which means 5000 MAC addresses.
                      I want only these MAC addresses to be able to use my LAN network, on any port of the switches,
                      and not any other MAC address.)



                      • #12
                        Re: How to prevent outer pc to connect my company LAN network.

                        Here's a different idea.

                        Why don't you run all your switches with all ports in shutdown mode?
                        Then you can specifically enable a port only if you need it. You could run port-security so it only allows a single MAC address at any time.

                        Of course, this would not stop someone from unplugging their work PC and plugging their own laptop in.

                        This is about as much as I can suggest. If you're struggling to get any further based on the information that's provided (which should be enough to help you find enterprise-based solutions) then I suggest two options:

                        1) Engage a consultant and pay the relevant fee
                        2) Utilise your Cisco support contract and get them to help you.
                        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
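
Added example (not written by any poster in this thread): one way to turn the MAC audit from post #4 into per-port port-security configuration, with unused ports left shut down as in post #12. The `show mac address-table` sample, the port names and the `parse_audit`/`build_config` helpers are constructed for illustration; `violation restrict` is chosen here so that frames from any other MAC are dropped, counted and logged rather than silently ignored.

```python
import re
from collections import defaultdict
# Constructed sample of `show mac address-table` output (not from the thread).
SAMPLE_AUDIT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
  10    00aa.bbcc.dd01    DYNAMIC     Fa0/3
  10    00aa.bbcc.dd02    DYNAMIC     Fa0/3
   1    0011.2233.44ff    DYNAMIC     Gi0/1
"""
ROW = re.compile(
    r"^\s*\d+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def parse_audit(text):
    """Map each port to the set of MAC addresses the switch learned on it."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(2)].add(m.group(1).lower())
    return dict(ports)

def build_config(seen, access_ports, uplinks=()):
    """Return (IOS config lines, ports that need a manual decision)."""
    cfg, review = [], []
    for port in access_ports:
        macs = sorted(seen.get(port, ()))
        if port in uplinks:
            continue                  # never pin MACs on a switch-to-switch link
        if len(macs) > 1:
            review.append(port)       # several MACs: hub, phone or unknown device
            continue
        cfg.append(f"interface {port}")
        if not macs:
            cfg.append(" shutdown")   # unused port stays administratively down
            continue
        cfg += [" switchport mode access",
                " switchport port-security",
                " switchport port-security maximum 1",
                f" switchport port-security mac-address {macs[0]}",
                " switchport port-security violation restrict"]
    return cfg, review

if __name__ == "__main__":
    config, review = build_config(parse_audit(SAMPLE_AUDIT),
        ["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4", "Gi0/1"], uplinks={"Gi0/1"})
    print("\n".join(config), "\n! review by hand:", review)
```

Ports that show more than one MAC in the audit are returned for review instead of being configured, since pinning a single address there would cut off a legitimate device.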



                        • #13
                          Re: How to prevent outer pc to connect my company LAN network.

                          Originally posted by sandeepchoudhary
                          Hi,
                          If we have more than 5000 employees, then we cannot lock down each and every unused port.
                          My scenario is like this:
                          (I have 5000 company laptops, which means 5000 MAC addresses.
                          I want only these MAC addresses to be able to use my LAN network, on any port of the switches,
                          and not any other MAC address.)
                          Let me explain clearly:
                          Suppose I have 5000 employees at 4 locations (Italy, Spain, Germany, India).
                          That means I have 5000 MAC addresses or 5000 laptops (total).
                          If a person goes from Germany to India, he should get access to the LAN network there because he is using a company laptop or company MAC address.
                          If he uses his personal laptop, then he should not get access, or if someone from outside uses his laptop then he should not get access to the LAN network.
                          Now tell me how I can protect my LAN network.

                          Regards



                          • #14
                            Re: How to prevent outer pc to connect my company LAN network.

                            Are you running Active Directory?
                            Tom Jones
                            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                            PhD, MSc, FIAP, MIITT
                            IT Trainer / Consultant
                            Ossian Ltd
                            Scotland

                            ** Remember to give credit where credit is due and leave reputation points where appropriate **



                            • #15
                              Re: How to prevent outer pc to connect my company LAN network.

                              Originally posted by sandeepchoudhary
                              Let me explain clearly:
                              Suppose I have 5000 employees at 4 locations (Italy, Spain, Germany, India).
                              That means I have 5000 MAC addresses or 5000 laptops (total).
                              If a person goes from Germany to India, he should get access to the LAN network there because he is using a company laptop or company MAC address.
                              If he uses his personal laptop, then he should not get access, or if someone from outside uses his laptop then he should not get access to the LAN network.
                              Now tell me how I can protect my LAN network.

                              Regards
                              Oh, I understand your scenario quite clearly.
                              You don't need to keep explaining it, even though you have now added information we didn't know initially, which totally changes the scope.

                              All that aside, both Ossian and I have provided suggestions on how to do this. You should be able to develop those ideas into a solution from there.
                              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif
