Re: Blocking a MAC address at the router
- From: DigitalVinyl <DigitalVinyl@xxxxxxxxxxxx>
- Date: Wed, 30 Nov 2005 02:32:20 GMT
"Igor Mamuzic" <no@xxxxxxx> wrote:
>www.cisco.com/go/nac ?
>
>B.R.
>Igor
I guess I need to stress SIMPLEST. NAC is very interesting but at our
size this is a $200k-300k implementation at minimum wiith a year+ long
implementation planning period. We are already talking with Cisco
about these initiatives. for a 2006-2008 implementation.
>"DigitalVinyl" <DigitalVinyl@xxxxxxxxxxxx> wrote in message
>news:jtqoo1djarvcqau1ubea18opckihr2m8dr@xxxxxxxxxx
>> ANybody have a simple method for blocking a MAC address or (less
>> effective) an IP address. We don't want to amend ACLs becuase laptop
>> can move from network to network.
>>
>> Basically I'm looking for the simplest method for blocking
>> virus/worm/trojan/spyware infected PCs. We have a honeypot log that
>> tells us the IP address but it is time consuming to track the PC down,
>> both logically on the switches and then dispatching desktop support to
>> track down the person/laptop and fix them.
>>
>> I'd prefer to block the MAC addresses at the three major routing nodes
>> and eliminate their ability to use the network. This would protect us
>> and force them to contact tech services. Our major routing nodes host
>> the routing interfaces on most of the networks. So if I can block the
>> MACs there it will work fairly well. We have too many switches(200+)
>> to do anything there
>>
>>
>> Thanks for any suggestions.
>>
>>
>> DiGiTAL_ViNYL (no email)
>
DiGiTAL_ViNYL (no email)
.
- References:
- Blocking a MAC address at the router
- From: DigitalVinyl
- Re: Blocking a MAC address at the router
- From: Igor Mamuzic
- Blocking a MAC address at the router
- Prev by Date: Re: Implicit rule PIX
- Next by Date: BGP load sharing with 2 default gateways
- Previous by thread: Re: Blocking a MAC address at the router
- Next by thread: cisco 7206 as (B|N)AS and per-user configuration
- Index(es):
Relevant Pages
|
