Wednesday, November 28, 2018

Securing network with switch in shared rack

Evening all,

I have a predicament with how best to secure a switch in a 'shared' rack. The switch itself is in a locked cabinet which only we have access to, but the patch panels are in a shared rack with the other building tenant.

I have contemplated implementing either port-security or 802.1x along with shutting all unused ports, but cannot see a way past the following to limit access to our network:

Most wall ports are patched to the shared rack and we can configure port-security for the known MACs for these PCs into the switch. There is an uplink to another switch that goes through a patched port in the shared rack; this would mean I would have to configure all downstream MACs on this port with port-security enabled. Is this correct and achievable?

If I were to pursue the 802.1x route, the uplink to the other switch would be in a forced authorised state, meaning that the uplink could be unplugged at the shared patching rack and unrestricted access to the network would be granted. What is the best practice for securing uplinks when using 802.1x?

This is not a position I would like to be in, but I currently have no choice due to a plethora of reasons out of my control and need to make the best of the situation. I'm also currently limited with the switches I have to use. I have some Netgear FS728TP v2s or some ProCurves. Personally I hate the Netgears and would never buy them myself unless for very basic distribution/access switches.

If anyone can offer some advice on best practices or can suggest a solution I would be most grateful!


