Unsolved
This post is more than 5 years old
6 Posts
0
37632
Power Connect 6248 Port/Mac Security
Hello everyone
Our company recently bought a PC6248 to replace our old core switches. To secure our ports we currently map one mac address to each port in order to prevent unauthorized computers from plugging into our network. Unfortunately this has led to a administrative hassle since we had to physically move the ports on the switch every time someone moves cubical or requires access in the boardroom with there laptop.
I was wondering if it is possible to add all the mac addresses of our workstations in the company to an ACL and apply the ACL to all the ports? and If so how?
JustinY
1 Rookie
1 Rookie
•
117 Posts
0
December 2nd, 2008 16:00
What you would be looking for is a MAC Access List. However access lists on the 6200 are limited to 12 ACEs(Access Control Entries) so unless you have fewer than 12 servers its not going to work well.
A better solution would be to use 802.1x port based authentication on the port. Really this is the only secure way to control your access. MAC addresses could be spoofed quite easily.
Just a question, but do you have your users connect directly to the 6248? We only have servers and switches connected to ours, and dont use any port level security on them. They are physically locked up with the servers though so unless you have access to the room you cannot connect to them directly. Our access layer switches are were we use port based controls because you never know what someone will try to connect to a port.
Westcort
6 Posts
0
December 3rd, 2008 07:00
Thanks for your response.
Yes i agree MAC addresses can be spoofed quite easily but i have heard that there is a lot of administrative hassals with 802.1x.
Yes our clients are connected to one of our 6248 switch and our servers connected to another. We only use port level security on the workstations and not the server. I think i have an idea of where i can go from here thanks for your help!