MAC Authentication on 3570 switch

By sdeko ·
I know that I can do port authentication on the Cisco 3750 switches, but its not clear to me if MAC address authentication can be done. Is anayone doing this on the switch?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

A few methods....

by aarongreenag In reply to MAC Authentication on 35 ...

There are a few methods that I can think of off of the top of my head for authenticating ports at Layer 2 (before IP addresses)

1) Use 802.1x authentication. This is a pain, and as far as I understand, it can't be controlled through Group Policy, but it will do the trick. Commonly used as a starting point for Wireless networks.

2) Use IPSec. A little over the top for port authentication, but can also be leveraged to secure communications while you're at it. Essentially it will force all clients to negotiate a security association, and if they can't negotiate, the connection is smoked.

3) Limit the number of MACs allowed on a switchport. This is programmed on the switchport in Cisco IOS, and will combat CAM flooding by only allowing the switch to learn a few MACs at a time.
ie: switch(config-if)#switchport port-security max-mac-count 2

4) Dynamically learn the SINGLE MAC that is currently on the switchport, and remember that one, do not allow any other MACs to use the switchport.
ie: switch(config-if)#switchport port-security mac-address sticky


1) Port Authentication
2) IP Authentication
3) Shared Medium MAC limiting
4) Single MAC permitted, doesn't combat spoofing

Related Discussions

Related Forums