Prevent Access to Network Using MAC Addresses

Hi,

We are trying to prevent unauthorised users from connecting PCs to the network and obtaining access to domain resources and the Internet.

We are using Cisco 2950 switches on a Windows 2000 domain.

My question is, can we allow traffic from only known (and pre-approved) MAC addresses?

Any ideas?

Thanks in advance

Reply to
kware

On 08.07.2005 17:23 snipped-for-privacy@netexperts.co.uk wrote

You can do, but you also should know that MAC addresses may be spoofed easily.

You might want to look into 802.1X instead.

Arnold

Reply to
Arnold Nipper

Another option is port security, but a big admin overhead. MAC addresses are defined and allowed access only on specific interfaces.

Not good in a 'hot desk' environment.

eg:

!
interface FastEthernet0/2
 description desktop
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.3911.c3f4
 mls qos cos override
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!

Big Si.

Reply to
big si
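
The admin overhead of per-port MAC entries is easier to manage when the configuration is checked against an approved list. The following is an added example, not part of the thread: a small audit that parses IOS-style interface stanzas and reports access ports without port security or with a pinned MAC that is not approved. The function names, the sample config and the approved set are constructed for illustration.

```python
import re

# Constructed sample config; FastEthernet0/2 follows the example in the post.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.3911.c3f4
!
interface FastEthernet0/3
 switchport mode access
!
"""

MAC_RE = re.compile(r"switchport port-security mac-address (?:sticky )?"
                    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def audit(config, approved):
    """List (port, finding) pairs for access ports not enforcing the approved MACs."""
    findings = []
    for port, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are out of scope for this check
        if "switchport port-security" not in cmds:
            findings.append((port, "port-security not enabled"))
            continue
        for cmd in cmds:
            m = MAC_RE.fullmatch(cmd)
            if m and m.group(1).lower() not in approved:
                findings.append((port, "unapproved MAC " + m.group(1).lower()))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"0000.3911.c3f4"}))  # approved set is an assumption
```

This checks configuration only; as noted earlier in the thread, a device presenting a spoofed approved MAC still passes port security, which is the case 802.1X addresses.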
