I'm trying to implement a MAC Access Control List on our Microsoft LAN.
Can anyone point me in the right direction?
What kind of hardware do you use? Specifically, your managed switches.
In our LAN, we're only using unmanaged switches. Is there a way to accomplish this via the domain controller with DHCP?
Then you need to buy some managed switches.
And to your second question, no, no way that can't be easily bypassed. *cough* static address *cough*
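The static-address bypass mentioned above can at least be detected on an unmanaged network. This is an added example, not part of the thread: it cross-checks a neighbour table in Windows `arp -a` layout against the DHCP leases and the MAC allow-list. The sample data and the `ip,mac` lease-export format are constructed assumptions.

```python
import re

# Constructed sample data; the "ip,mac" lease-export format is an assumption.
ALLOWED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
DHCP_LEASES = """\
192.168.1.20,00-11-22-33-44-55
192.168.1.21,00-AA-BB-CC-DD-01
"""
ARP_TABLE = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.21          00-aa-bb-cc-dd-01     dynamic
  192.168.1.50          00-11-22-33-44-66     dynamic
  192.168.1.77          00-aa-bb-cc-dd-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# An IPv4 address followed on the same line by a MAC address.
PAIR_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})[ \t,]+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})")

def norm(mac):
    """Canonical MAC form: lowercase, colon-separated."""
    return mac.lower().replace("-", ":")

def parse_pairs(text):
    """Return (ip, mac) pairs; header and interface lines do not match."""
    return [(m.group(1), norm(m.group(2))) for m in PAIR_RE.finditer(text)]

def audit(arp_text, lease_text, allowed):
    """Flag hosts seen on the wire that are unregistered or hold no lease."""
    allowed = {norm(m) for m in allowed}
    leased = set(parse_pairs(lease_text))
    findings = []
    for ip, mac in parse_pairs(arp_text):
        if int(mac[:2], 16) & 1:  # broadcast/multicast entry, not a host
            continue
        reasons = []
        if mac not in allowed:
            reasons.append("MAC not on allow-list")
        if (ip, mac) not in leased:
            reasons.append("no DHCP lease (static address)")
        if reasons:
            findings.append((ip, mac, reasons))
    return findings

if __name__ == "__main__":
    for ip, mac, reasons in audit(ARP_TABLE, DHCP_LEASES, ALLOWED_MACS):
        print(ip, mac, "; ".join(reasons))
```
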
Could you give us details about "where" and "why" you want to establish that security? It will be welcome to allow us to help you.
We're a small startup company; we have quite a few people coming in just plugging their laptops into our network. I would like to only authorize people who have their MACs on our access control list to be able to get an IP address and connectivity.
Unfortunately we don't have the money to buy a managed switch right now.
Hey Hey,
Have you checked out the NetReg software? We have it implemented here for ITD students running laptops. You have a username and password and plug in your laptop, and if it's an unknown MAC address it asks you to log in; however, each user can only register one PC on the network. It's quite handy software and probably fairly close to what you are looking for. You can check it out @ http://www.netreg.org/
Quote:
Overview
NetReg is an automated system that requires an unknown DHCP client to register their hardware before gaining full network access. Through a simple web interface, the client is prompted for their user identification. Powerful scripts then retrieve the client's network fingerprint and store it along with the user's information in a database. The database provides administrators with real-time information for troubleshooting and auditing their networks. The entire system was developed utilizing unmodified, open-source servers and in-house developed CGI programs.
Peace,
HT
Get yourself a L2 type switch that allows you to configure ACLs based on MAC addresses.
I personally recommend the Cisco 3550 switch. The 3550 supports L2 and L3 functionality; however, for your application/requirement, L2 is the way to go... a lot cheaper. I deployed about 500 of them in the last 6 months for an international bank and they work very nicely.
If you're looking for something cheaper, buy the lower model, either the Cisco 1900 or 2900 (although they are discontinued... Cisco no longer supports them... they work just as well) off eBay.
Good luck,
P.S.
Configuration is straightforward. All documentation is available on the Cisco web site.
With these types of switches why not simply turn on port security?
Port security is a misnomer. It just allows the first MAC address it sees access until it disconnects and ages out. It doesn't specify who is allowed to connect. I don't believe wildcards are supported in Cisco's IOS version of port security. So you can't just allow certain UIDs to connect.
And as far as Cisco's switches are concerned, they leave a lot to be desired. They make a hell of a router, but switches they stink at.
It goes along with the old industry saying... "No one ever got fired for buying Cisco."
IMHO - there are far better, less expensive, more expandable and more feature-filled switches on the market than Cisco. They'd be my last choice, uh, next to Extreme that is.
I'm curious, Korp;
In your humble opinion, what stinks about Cisco switches? I for one will be the first to tell you that they are not the best switches with respect to performance. I personally was involved in stress testing 2 other vendors against Cisco's high-end 6500 switches.
However, our results were based solely on performance under extreme, and I mean extreme, conditions, which with the backplane of today's switches, you "may" never reach a saturation point. I've used the IXIA and SmartBits traffic generators for the "bakeoff".
The three vendors tested were Cisco, Extreme, and Foundry.
Extreme came in first running at wire speed, Cisco was a very close second, and Foundry a dead last.
Now back to my point;
Other things to consider when choosing a vendor are:
1) cost
2) Interoperability
3) features supported
4) management
5) support (where Cisco blows the competition in this area)
6) robustness (how buggy the IOS is. I've worked a lot with the Alpine, BlackDiamond and Summit48i Extreme switches, and they are in my opinion not as stable as the Cisco switches. They are, however, cheaper.)
I'm sure it may be debated, but all in all, from my experience, taking all of the above into consideration and having worked with 3Com, Cisco, Extreme and Foundry, I find Cisco to be premier... I am strictly speaking for use in large enterprise networks, not pop and mom shops.
Just an FYI:
Some of the Extreme founders were former Cisco employees. Just as was the case with Juniper, whose routers outperform Cisco's high-end routers and are slowly creeping up all over ISP backbones. It too was started by ex-Cisco employees.
Also, if anything, I would argue Cisco's routers are worse than their switches....A lot less stable...