Technical Tip: Configuring secure ports
Description
A user disconnects the network cable from a client computer and connects it to a laptop. Because the port is open and unsecured, the user can continue surfing the network with the NAC appliance unaware that a client switch has occurred.
- DATE: 5/13/2015
- VERSION: All
- PLATFORM: All
Solution
To prevent other clients from using a port, the port should be secured to allow only the current MAC address to communicate on that port. If any other MAC address (i.e., another client) tries to communicate through the port, port security disables the port.
Follow the procedure below to configure secure ports.
Note: For Cisco switches, best practice recommends configuring the switch to send an SNMP trap to the NAC appliance to indicate that the port has been disabled for security reasons.
Procedure:
- Navigate to Network Devices -> Topology.
- Right-click the switch on which to enable Port Security.
- Check that the Secure Ports checkbox is enabled for the device(s).
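For the Cisco note above, the switch-side settings could look like the following. This is an added example, not configuration taken from this tip or from the NAC product; the interface name, the address 192.0.2.10 standing in for the NAC appliance, and the community string NAC_COMMUNITY are placeholders, and the use of sticky learning to pin the current MAC address is an assumption.

```cisco
! Added example. Placeholders: GigabitEthernet0/1, 192.0.2.10, NAC_COMMUNITY.
!
! Access port that accepts exactly one MAC address.
interface GigabitEthernet0/1
 switchport mode access
 ! Turn on port security for this port.
 switchport port-security
 ! Only one secure MAC address is allowed.
 switchport port-security maximum 1
 ! Assumption: keep the currently learned MAC as the secure address,
 ! so it survives the link drop caused by a cable swap.
 switchport port-security mac-address sticky
 ! Any other source MAC puts the port into err-disabled state.
 switchport port-security violation shutdown
!
! Generate a trap on a port-security violation, at most one per second.
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
!
! Send port-security traps to the NAC appliance (placeholder address
! and community; match the SNMP settings the appliance uses for this switch).
snmp-server host 192.0.2.10 version 2c NAC_COMMUNITY port-security
```

On the switch, `show port-security interface GigabitEthernet0/1` shows the secure MAC address and violation count, and `show snmp host` confirms the trap destination.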
