Prevent access to LAN via switch security (WAS:how to prevent personal PCs or laptop)
  • Prevent access to LAN via switch security (WAS:how to prevent personal PCs or laptop)

    I have a network in my company (200 PCs), where I am a new employee, and I want to prevent personal PCs or laptops (belonging to employees or visitors) from accessing the network via LAN.

    While searching I found this way, but unfortunately I don't know how to do it:

    Get the MAC addresses from all PCs in the network and put them in the switch (my switch is a Cisco 2950) to prevent any other PC that is not in the switch's list of MAC addresses (outside the network) from accessing the network.

    Please help me with this way, or with another way that solves the problem, if there is one.

  • #2
    Re: how to prevent personal PCs or laptop to access network via LAN? please help ASA

    Hi,

    Please make sure you do not double post. The forum rules are quite clear on that, thanks.

    You are possibly looking for port-security
    http://www.cisco.com/en/US/docs/swit...e/swtrafc.html
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: how prevent personal( in company) PCs or laptop to access network via Lan

      Hi,

      If you are using a DHCP server, you can make use of MAC address filtering through DHCP as per this article: http://www.petri.com/filter-mac-addr...allout-dll.htm
      Also, keep an eye on the Intrusion Detection function of http://autoscan-network.com/

      Ta
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR



      • #4
        Re: Prevent access to LAN via switch security (WAS:how to prevent personal PCs or lap

        Cisco has a great tool called VMPS. It requires specific switches to allow for the "server" to host the database. However, VLAN Management Policy Server. You can basically set up a MAC filtering database that searches the connecting MAC address, checks it against the VMPS database, then allows it to get an IP address from the DHCP server only if it has an entry. Otherwise, it will deny it. I have this deployed within my infrastructure to allow Corporate users to connect to the Corporate VLAN, and then MACs that are not in the database get dropped to a "visitor" VLAN that only allows internet access. You can google all the VMPS stuff that you need. That is a great way to control how people access specific networks.



        • #5
          Re: Prevent access to LAN via switch security (WAS:how to prevent personal PCs or lap

          Originally posted by jehays
          Cisco has a great tool called VMPS. It requires specific switches to allow for the "server" to host the database. However, VLAN Management Policy Server. You can basically set up a MAC filtering database that searches the connecting MAC address, checks it against the VMPS database, then allows it to get an IP address from the DHCP server only if it has an entry. Otherwise, it will deny it. I have this deployed within my infrastructure to allow Corporate users to connect to the Corporate VLAN, and then MACs that are not in the database get dropped to a "visitor" VLAN that only allows internet access. You can google all the VMPS stuff that you need. That is a great way to control how people access specific networks.

          What if the user that plugs in his home laptop sets up a static IP address on his laptop, not requiring an IP from the DHCP server? Will Cisco just drop the connection and not let the laptop participate on the network? Thanks.



          • #6
            Re: Prevent access to LAN via switch security (WAS:how to prevent personal PCs or lap

            You might want to look into enabling MAC address port security on the switch. This will allow only the MAC addresses that you program into the ports to connect to those ports.



            • #7
              Re: Prevent access to LAN via switch security (WAS:how to prevent personal PCs or lap

              Thanks. I'll have to check if our switches support that function.



              • #8
                Re: Prevent access to LAN via switch security (WAS:how to prevent personal PCs or lap

                As already said, Port Security will do this job. I'm pretty sure the 2950 supports this. Have a quick look at your "Show" commands to confirm this. MS also provides NAP. Have a look on Cisco's website for details on integrating Network Access Control with MS's Network Access Protection.

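Added example, not part of the original thread: a Python sketch of the approach raised in the first post and in replies #6 and #8, turning the MAC addresses a switch has already learned into static port-security configuration for each access port. The `show mac-address-table` sample is constructed, the function names are hypothetical, and skipping any port with more than one learned MAC (an uplink or a hub) is this example's own assumption.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac-address-table` output (not from the thread).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000a.b8c1.0000    STATIC      CPU
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Fa0/2
   1    0011.2233.4403    DYNAMIC     Fa0/24
   1    0011.2233.4404    DYNAMIC     Fa0/24
"""

# Only dynamically learned entries on numbered VLANs; static/CPU rows are ignored.
ROW = re.compile(r"^\s*\d+\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$", re.I)
LONG_NAMES = {"Fa": "FastEthernet", "Gi": "GigabitEthernet"}

def learned_macs(table_text):
    """Map each port to the sorted MAC addresses learned on it."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(2)].add(m.group(1).lower())
    return {port: sorted(macs) for port, macs in ports.items()}

def build_config(table_text):
    """Return (IOS config lines, ports skipped for manual review)."""
    config, skipped = [], []
    macs_by_port = learned_macs(table_text)
    natural = lambda p: [int(n) for n in re.findall(r"\d+", p)]  # Fa0/2 before Fa0/24
    for port in sorted(macs_by_port, key=natural):
        macs = macs_by_port[port]
        if len(macs) != 1:  # assumption: several MACs means an uplink or hub
            skipped.append(port)
            continue
        prefix = re.match(r"[A-Za-z]+", port).group()
        name = LONG_NAMES.get(prefix, prefix) + port[len(prefix):]
        config += [
            f"interface {name}",
            " switchport mode access",
            " switchport port-security",
            " switchport port-security maximum 1",
            f" switchport port-security mac-address {macs[0]}",
            " switchport port-security violation shutdown",
        ]
    return config, skipped
```

Calling `build_config(SAMPLE)` returns configuration for Fa0/1 and Fa0/2 and lists Fa0/24 for manual review, so an uplink is not locked to a single address by accident.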