Authenticate Router Not User

I am trying to find a decent example of the above. In brief, I would like to authenticate a router in ACS, say by a specified MAC address or unique router hostname etc., to protect against a user adding a rogue device to a WAN in its place.

Can this be done by setting the router itself as the 802.1X host? Or is there another way? I appreciate I could use 802.1X for user authentication but that's not the goal.

Any pointers would be great.

Thanks.

Darren

Darren Green

Use a routing protocol with authentication prior to neighborship such as EIGRP/OSPF/BGP.....

John Agosta
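
One way to apply this suggestion on Cisco IOS, shown as an added example that is not part of the thread: EIGRP MD5 neighbour authentication on the WAN-facing interface. The key-chain name, autonomous-system number 100, interface and network statement are assumptions, and the key string is a placeholder.

```cisco
! Added example; names and addressing are constructed, not from the thread.
! Hypothetical key chain holding the shared secret. The same key number
! and key-string must be configured on every legitimate neighbour.
key chain WAN-NEIGHBORS
 key 1
  key-string <shared-secret>
!
! Assumed WAN-facing interface. EIGRP packets without a valid MD5 digest
! are dropped here, so no adjacency forms with an unauthenticated device.
interface Serial0/0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 WAN-NEIGHBORS
!
! Assumed AS number and network. Adjacencies are only attempted on the
! authenticated WAN interface; every other interface stays passive.
router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface Serial0/0
```

A neighbour that does not present the key never appears in `show ip eigrp neighbors`, so its routes are never learned. The key is stored in the router configuration, so anyone who obtains the configuration also obtains the key.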

Thanks John,

Of course I never thought about that, this will certainly help.

I still need to secure the device, though, down to its MAC address. The issue I am trying to protect against is someone finding out what the router ADSL username & password are and then replacing the WAN device with a rogue device with the copied ADSL credentials. Granted, they would need to find out the routing protocol password, but adding a simple static route and NAT'ing to the WAN IP would give them a path back.

I guess filtering out the WAN IPs would mean that unless their LAN is advertised there would be no route back, so I can definitely make use of your suggestion. I am just concerned that should a user get hold of a config, they can add some other device to the WAN and break the security I want to enforce. The users are IT savvy!!

Regards

Darren

Darren Green

Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Darren Green chose the tried and tested strategy of:

Where? I very much doubt you can see the device's MAC from across the WAN.

However, this might be a bit closer to what you want:

alexd
