- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- MAC Filtering
-
- Forums
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- OEM Solutions
- Servers: The Right Compute
- Shifting to Software-Defined
- Telecom IQ
- Transforming IT
- Infrastructure Solutions German
- L’Avenir de l’IT
- IT e Trasformazione Digitale
- Enterprise Topics
- ИТ для нового стиля бизнеса
- Blogs
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Forums
-
Blogs
-
InformationEnglish
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-04-2007 10:14 PM
03-04-2007 10:14 PM
MAC Filtering
There's probably going to be 20-30 MAC's total for the whole switch.
Have I missed something, or are there any best practise recommendations for this?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-04-2007 10:37 PM
03-04-2007 10:37 PM
Re: MAC Filtering
I think that 802.1X mac-based authentication is probably the way to go for this one. Seems a bit much effort for a network of this size though.
Matt
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-04-2007 11:23 PM
03-04-2007 11:23 PM
Re: MAC Filtering
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-04-2007 11:49 PM
03-04-2007 11:49 PM
Re: MAC Filtering
Hopefully someone else has a simpler idea...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-05-2007 07:40 PM
03-05-2007 07:40 PM
Re: MAC Filtering
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-05-2007 07:58 PM
03-05-2007 07:58 PM
Re: MAC Filtering
If a MAC that is not on the list hooks up in a free active jack, it can't get an IP. If the bad guy knows your IP assignment policy and serves himself a valid IP of your subnet, then the ACL kicks in and filters out that IP (of course, you need to maintain the ACL to match the bootptab list of IP addresses).
If he gets an IP that is permitted and if that IP is not used when he does his dirty job (some users do have vacation, you know), then this scheme does not hold, unles you deny the IPs of users that are gone in vacation in the ACL.
If the IP is already in use by some active computer, then there will be a duplicate IP, which can be detected fairly easy, and the legitimate user's computer will not work - he will surely call you if he's not out for a smoke.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-06-2007 12:17 AM
03-06-2007 12:17 AM
Re: MAC Filtering
Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-06-2007 12:59 AM
03-06-2007 12:59 AM
Re: MAC Filtering
I'll admit, some of the solutions seem a little excessive, although I'm not denying they may work (with a lot of effort and testing!). I think the idea of static DHCP reservations is possible, but if someone still knows the LAN IP range, then picking a valid IP and jumping on the LAN wouldn't be difficult. I'll think about it.
It's also true that most modern NIC's allow you to soft-code the MAC address, which is an issue if you use MAC lockdown. Removing local admin rights would reduce that risk though, along with a bit of user eduation!
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2019 Hewlett Packard Enterprise Development LP