Hi
I have to look into securing our network from the inside. We have a few individuals that bring in their home devices and patch them into the network. The other problem is our budget at the current time is $0.
What I need to do is 1 - only allow company devices onto the network. Secondly minimse the administrative overhead when device/NICs being replaced by IT staff.
I'd rather not use mac-address lockdown at head office since it would be an admin head-ache. So when I started reading about the mac-based radius authentication it might be useful. I have a couple questions about it. first, the conf netlogin mac-address [mac-address] command is it used to create the list of valid macs? 2 - Can it be tied to a domain user account? 3 - does the configuration need to be on the edge switch where the device patches into or can it be consolidated at the core?
thanks
John
I have to look into securing our network from the inside. We have a few individuals that bring in their home devices and patch them into the network. The other problem is our budget at the current time is $0.
What I need to do is 1 - only allow company devices onto the network. Secondly minimse the administrative overhead when device/NICs being replaced by IT staff.
I'd rather not use mac-address lockdown at head office since it would be an admin head-ache. So when I started reading about the mac-based radius authentication it might be useful. I have a couple questions about it. first, the conf netlogin mac-address [mac-address] command is it used to create the list of valid macs? 2 - Can it be tied to a domain user account? 3 - does the configuration need to be on the edge switch where the device patches into or can it be consolidated at the core?
thanks
John