
Network Access Control

You had better be able to trust your network administrators (i.e. pay them well): everything below is configured on, and can be undone from, the switch itself.

Network Access Control (NAC) means authenticating an endpoint before it gets full access to the network. On a switch, the simplest building blocks for this are the port security mechanisms below; they are all configured per switch port.

Disable Unneeded Switch Ports

This sounds easy enough, and it is the cheapest control here: a port that is administratively shut down (and, ideally, also moved into an unused VLAN) is one fewer attack surface to monitor. Someone plugging into a wall jack in a meeting room gets nothing.

MAC Filtering

Only allow access to the network from devices whose MAC addresses are on our ACL for that port. Keep the limitation in mind: a MAC address is trivially spoofed, so MAC filtering (and the sticky variant below) keeps out accidental and casual connections rather than a determined attacker who has seen a legitimate address on the wire.

Sticky MACs

If port security is configured for a maximum of 5 MAC addresses, we accept traffic from the first five source MAC addresses seen on the port and drop traffic from any other address. With sticky MACs the learned addresses are written into the running configuration (save it and they survive a reboot), so the port stays pinned to those devices; without sticky, the addresses are only learned dynamically and are forgotten when the port goes down. Secure addresses that are inactive for a certain amount of time can also be aged out of the list, but only if port-security aging is configured, which it is not by default.

Port Violation State

A port enters 'violation state' when a frame arrives whose source MAC address violates the port's policy: the maximum has been reached and the address is not one of the secure ones, or the address is already secured on another port in the same VLAN. There are three violation modes:

  • Protect mode: silently drops frames from the offending address and keeps the port up. No alert is generated, so you will not know it happened.
  • Restrict mode: drops the frames and keeps the port up, but also increments the violation counter and sends a syslog message and SNMP trap.
  • Shutdown mode (default): puts the port into err-disabled state and sends an alert. It must be re-opened by hand with shutdown followed by no shutdown on the interface, or automatically if errdisable recovery cause psecure-violation is configured.
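To make the difference between the sticky and non-sticky cases and the three violation modes concrete, here is a small model of a secure port that replays the same frame sequence in each mode. It is an added example for these notes, not Cisco code: the class, method and action names are this example's own, the MAC addresses are constructed, and the behaviour follows the IOS port-security description above (one secure address and shutdown mode by default, a violation counter that only restrict and shutdown increment, sticky addresses landing in the running config).

```python
"""Toy model of switch port security: maximum, sticky MACs and the three
violation modes.  Added example for these notes, not vendor code; names and
MAC addresses are this example's own (constructed)."""
from dataclasses import dataclass, field

FORWARD, DROP, DROP_ALERT, ERRDISABLE = "forward", "drop", "drop+alert", "err-disabled"


@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # IOS default: one secure MAC per port
    mode: str = "shutdown"        # IOS default violation mode
    sticky: bool = False
    secure_macs: list = field(default_factory=list)   # secure MACs, in learning order
    violations: int = 0
    err_disabled: bool = False
    alerts: list = field(default_factory=list)        # stand-in for syslog / SNMP trap

    def receive(self, src_mac: str) -> str:
        """Return what the switch does with a frame from src_mac on this port."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return ERRDISABLE                      # port is down; nothing passes
        if src_mac in self.secure_macs:
            return FORWARD
        if len(self.secure_macs) < self.maximum:   # room left: learn it
            self.secure_macs.append(src_mac)
            return FORWARD
        return self._violate(src_mac)

    def _violate(self, src_mac: str) -> str:
        # Wording modelled on the IOS PSECURE_VIOLATION syslog message.
        msg = (f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
               f"caused by MAC address {src_mac} on port {self.name}.")
        if self.mode == "protect":
            return DROP                            # silent: no counter, no alert
        self.violations += 1                       # restrict and shutdown both count it
        self.alerts.append(msg)
        if self.mode == "restrict":
            return DROP_ALERT                      # port stays up
        if self.mode == "shutdown":
            self.err_disabled = True               # port goes err-disabled
            return ERRDISABLE
        raise ValueError(f"unknown violation mode {self.mode!r}")

    def no_shutdown(self) -> None:
        """Operator recovery: 'shutdown' then 'no shutdown' on the interface.
        Dynamically learned addresses were lost when the port went down;
        sticky ones live in the running config and survive."""
        self.err_disabled = False
        if not self.sticky:
            self.secure_macs.clear()

    def running_config(self) -> list:
        """Interface stanza as it would appear in 'show running-config'."""
        lines = [
            f"interface {self.name}",
            " switchport mode access",
            " switchport port-security",
            f" switchport port-security maximum {self.maximum}",
            f" switchport port-security violation {self.mode}",
        ]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            # sticky learning writes each learned address into the config
            lines += [f" switchport port-security mac-address sticky {m}" for m in self.secure_macs]
        return lines


# Constructed frame sequence: two legitimate hosts, an intruder, then host A again.
FRAMES = ["0000.1111.aaaa", "0000.1111.bbbb", "0000.1111.cccc", "0000.1111.aaaa"]


def run_sequence(mode: str, sticky: bool = False, maximum: int = 2):
    """Feed FRAMES to a fresh port and return (actions, port)."""
    port = SecurePort("FastEthernet0/2", maximum=maximum, mode=mode, sticky=sticky)
    return [port.receive(mac) for mac in FRAMES], port


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        actions, port = run_sequence(mode, sticky=True)
        print(f"{mode:9} {actions}  violations={port.violations}")
    print("\n".join(run_sequence("restrict", sticky=True)[1].running_config()))
```

Run it and compare the three rows: protect and restrict both keep the legitimate hosts working after the intruder shows up, but only restrict leaves evidence; shutdown stops everyone on the port, which is why the default mode turns a mis-wired printer into a help-desk ticket. The final stanza shows why "sticky" matters operationally: the learned addresses become configuration, so a later host swap on that port is a violation until someone edits the config.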

Configuration

  • enable, configure terminal, interface FastEthernet0/2: enter interface configuration mode for the port
  • switchport mode access: port security is only accepted on a statically configured access (or trunk) port; on a dynamic/DTP port the port-security command is rejected
  • switchport port-security: enable port security on the port (the options below do nothing until this is on)
  • switchport port-security maximum 2: set the maximum number of secure MAC addresses (default 1)
  • switchport port-security mac-address sticky: enable sticky MACs
  • switchport port-security violation [protect | restrict | shutdown]: set the violation mode (default shutdown)
  • show port-security interface FastEthernet0/2: verify the port status, violation mode, address count and last source address seen
  • write memory (or copy running-config startup-config): save the configuration, otherwise the sticky addresses are lost at the next reboot