Security Basics mailing list archives
RE: DHCP security
From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Tue, 11 Oct 2005 15:00:07 -0400
802.1X is a nice switch level protocol that enables one to restrict the activation of a switchport based on any number of criteria via the Extensible Authentication Protocol (EAP) and it's family of relatives. This suite enables one to restrict access based on any imaginable set of criteria including MAC address, username, machine name, certificate, etc. The option which you mentioned is (at least in the cisco world) referred to as port security. This option will allow frames sourced only from certain MAC adddresses to enter the switch. 802.1x is very simple to deploy, works cross platform/cross vendor, and offers a plethora of extentions that you can use including centralized management by connecting on the backend to a radius/tacacs server. Z -----Original Message----- From: razk () smarteam com [mailto:razk () smarteam com] Sent: Monday, October 10, 2005 3:38 AM To: security-basics () securityfocus com Subject: DHCP security hello i am looking for a solution of restricting unauthorised MAC addresses to be able to connect into our LAN. (Visitors etc.) our main concern is that we have around 50 new VmWares coming up everyday and our network is flat without any vlans so we can't realy put them in a seperate network. i was introduced to a solution on the port level of the switch but was wandering if there are any other solutions. thanks. Raz.
Current thread:
- DHCP security razk (Oct 11)
- <Possible follow-ups>
- RE: DHCP security Payton, Zack (Oct 12)