
Is a secure connection possible?

Status
Not open for further replies.

JBruyet

IS-IT--Management
Apr 6, 2001
Hey all, I'm trying to set up a connection using two 2524 switches and I have a question regarding security. What I'm trying to do is set up a connection from Office A (which is secure) to IDF room B (which is not secure) to Office C (which is secure). I don't need hardcore security but I do want to prevent someone from plugging a laptop into a patch panel port in the IDF room and being able to access anything in either office. I thought I had the answer with Port Security, Static Mode, Address Limit one and the MAC address of a device. Nope. Traffic still gets through regardless of the MAC address of the device plugged into that port. Any other ideas on how to make it a little more secure? I'm starting to consider a pair of Cisco routers but I don't want to pillage my budget for this.

Thanks,

Joe B
 
802.1x/PEAP. Also, shut down any port that isn't being used.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Unclerico, I'll look into the 802.1x/PEAP. As to shutting down ports, the 2524 switches will be in locked rooms so physical security will be taken care of. The problem is the connections to the IDF room which is unlocked because three other tenants have devices in the room. The only switch ports I need security on are the ports to/from the IDF room.

Thanks,

Joe B
 
Never mind. I just realized (as I was working on the switch again) that I hadn't hit "Apply" once I had entered the MAC addresses.

Here's my sign.

Joe B
 
Ok, I just hit another snag. In the large office there are too many computers to enter the MAC address for each one. Would configuring a VLAN between the two ports allow for a secure connection without having to create some kind of access list on each switch? I've never done anything with VLANs before so I guess I should start reading up on them.

Thanks,

Joe B
 