12-10-2012 10:34 AM
Folks, what's the best way to lock down a switch (FCX648GS) to only allow PCs with MAC addresses that I specify?
(MAC filtering, MAC authentication)??
12-13-2012 09:38 AM
You should leverage MAC-based authentication using a RADIUS server. That way, you leverage a central repository for MAC addresses that are authenticated, and some have even better intelligence (Aruba ClearPass) to leverage profiling information out of the network to permit/deny based on context like category (phone, video, computer, printer, etc.), OS type, and OS detail. If all the MACs are part of the same groups, like a VoIP phone or a printer, then profiling information can be leveraged and the work of doing MAC entry is eliminated.
See here - ClearPass Policy Manager | Aruba Networks
12-13-2012 09:52 AM
Seth, thanks, I read that as well on Brocade after I posted, your description was right-on.
I ended up doing this for each port in use, and it works fine for now (since it's only a temp in-place policy).
(Only the machines plugged into the ports I assign will work.)
mac filter 1 permit 0012.3f09.03a6 ffff.ffff.ffff any
mac filter 2 permit 0000.c5a0.5536 ffff.ffff.ffff any
mac filter 3 permit 0025.b327.6a7e ffff.ffff.ffff any
mac filter 32 deny any any
interface ethernet 1/1/13
mac filter-group 2 32
interface ethernet 1/1/15
mac filter-group 1 32
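
Added example (not part of the original posts): a small Python generator for the per-port filter lines shown above, so the list is built from a port-to-MAC inventory instead of typed by hand. It uses only the command forms that appear in the post; the function names, the inventory layout and the choice to reject group addresses are assumptions of this example, and the sample inventory is constructed from two of the MACs in the post written in other notations.

```python
import re

DENY_ALL_ID = 32  # same catch-all filter number the post uses


def to_dotted(mac):
    """Normalize aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff to aabb.ccdd.eeff."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    # The low bit of the first octet marks a group (multicast/broadcast)
    # address, which is never a legitimate source address for a PC.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address cannot identify a host: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_config(port_macs):
    """Return config lines: one permit filter per unique MAC, the final deny,
    then a filter-group per port that ends with the deny-all filter."""
    filter_ids = {}   # dotted MAC -> filter number
    port_groups = {}  # port -> filter numbers permitted on that port
    for port, macs in port_macs.items():
        ids = []
        for mac in macs:
            fid = filter_ids.setdefault(to_dotted(mac), len(filter_ids) + 1)
            if fid >= DENY_ALL_ID:
                raise ValueError("permit filters would collide with the deny-all filter")
            if fid not in ids:
                ids.append(fid)
        port_groups[port] = ids
    lines = [f"mac filter {fid} permit {mac} ffff.ffff.ffff any"
             for mac, fid in filter_ids.items()]
    lines.append(f"mac filter {DENY_ALL_ID} deny any any")
    for port, ids in port_groups.items():
        lines.append(f"interface ethernet {port}")
        lines.append("mac filter-group " + " ".join(map(str, ids + [DENY_ALL_ID])))
    return lines


# Constructed sample inventory (port -> allowed MACs, any common notation).
SAMPLE = {
    "1/1/15": ["00-12-3F-09-03-A6"],
    "1/1/13": ["00:00:C5:A0:55:36"],
}

if __name__ == "__main__":
    print("\n".join(build_config(SAMPLE)))
```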