Ethernet Switches & Routers

New Contributor
dhartnet
Posts: 4
Registered: ‎05-05-2011

Best way to lock down a switch (only allowed MAC addresses)

Folks, what's the best way to lock down a switch (FCX648GS) to only allow PCs with MAC addresses that I specify?

(Mac filtering, mac authentication) ??

Occasional Contributor
sethfiermonti
Posts: 5
Registered: ‎08-23-2012

Re: Best way to lock down a switch (only allowed MAC addresses)

You should leverage MAC-based authentication using a RADIUS server. That way, you leverage a central repository for MAC addresses that are authenticated, and some have even better intelligence (Aruba ClearPass) to leverage profiling information out of the network to permit/deny based on context like category (phone, video, computer, printer, etc.), OS type, and OS detail. If all the MACs are part of the same groups...like a VoIP phone or a printer, then profiling information can be leveraged and the work of doing MAC entry is eliminated.

See here - ClearPass Policy Manager | Aruba Networks

New Contributor
dhartnet
Posts: 4
Registered: ‎05-05-2011

Re: Best way to lock down a switch (only allowed MAC addresses)

Seth, thanks. I read that as well on Brocade after I posted; your description was right on.

I ended up doing this for each port in use, and it works fine for now (since it's only a temp in-place policy).

(Only the machines plugged into the ports I assign will work.)

mac filter 1 permit 0012.3f09.03a6 ffff.ffff.ffff any
mac filter 2 permit 0000.c5a0.5536 ffff.ffff.ffff any
mac filter 3 permit 0025.b327.6a7e ffff.ffff.ffff any
mac filter 32 deny any any
!
interface ethernet 1/1/13
 mac filter-group 2 32
!
interface ethernet 1/1/15
 mac filter-group 1 32
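An added example, not part of the original posts or any Brocade tooling: a Python audit of a configuration in the syntax posted above. It lists the MACs each port permits and flags filters that are defined but never applied (filter 3 is not applied to either interface shown) and groups that lack a final explicit deny. It assumes only the `mac filter` and `mac filter-group` forms visible in the post; the function names are hypothetical.

```python
import re

# Constructed sample: the configuration lines quoted in the post above.
SAMPLE_CONFIG = """\
mac filter 1 permit 0012.3f09.03a6 ffff.ffff.ffff any
mac filter 2 permit 0000.c5a0.5536 ffff.ffff.ffff any
mac filter 3 permit 0025.b327.6a7e ffff.ffff.ffff any
mac filter 32 deny any any
!
interface ethernet 1/1/13
 mac filter-group 2 32
!
interface ethernet 1/1/15
 mac filter-group 1 32
"""

# "mac filter <id> permit|deny <src> [<src-mask>] any" (mask absent when src is "any")
FILTER_RE = re.compile(r"^mac filter (\d+) (permit|deny) (\S+)(?: (\S+))? any$")

def parse_config(text):
    """Return ({filter_id: (action, src, mask)}, {port: [filter ids in order]})."""
    filters, ports, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILTER_RE.match(line)
        if m:
            filters[int(m.group(1))] = (m.group(2), m.group(3), m.group(4))
        elif line.startswith("interface ethernet "):
            current = line.split()[-1]
        elif line.startswith("mac filter-group ") and current:
            ports[current] = [int(n) for n in line.split()[2:]]
    return filters, ports

def audit(text):
    """Resolve each port's filter-group and report gaps in the lockdown."""
    filters, ports = parse_config(text)
    report = {"ports": {}, "unused_filters": [], "undefined_refs": []}
    for port, ids in ports.items():
        known = [filters[i] for i in ids if i in filters]
        report["undefined_refs"] += [(port, i) for i in ids if i not in filters]
        last = filters.get(ids[-1]) if ids else None
        report["ports"][port] = {
            "allowed_macs": [s for a, s, m in known if a == "permit" and m == "ffff.ffff.ffff"],
            "broad_permit": any(a == "permit" and m != "ffff.ffff.ffff" for a, _, m in known),
            "explicit_deny_last": last == ("deny", "any", None),
        }
    used = {i for ids in ports.values() for i in ids}
    report["unused_filters"] = sorted(set(filters) - used)
    return report
```

Call `audit()` on the text of a saved configuration; a non-empty `unused_filters` or `undefined_refs`, or a `broad_permit` of `True`, marks a port list that does not match the intended allow-list.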
