Managed Gigabit Switch with MAC address filtering
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Managed Gigabit Switch with MAC address filtering

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Ethernet
Author Message
Nite Rider
Guest
Posted: Fri Jul 15, 2005 8:20 am    Post subject: Managed Gigabit Switch with MAC address filtering Reply with quote
Hi all,

I need a 24 port managed Gigabit switch that can let people connect to
the network based on their network card's MAC address. If the MAC
address is known then it lets them connect, if the MAC address is not
known then the switch would reject all traffic from the computer.
Basically the switch needs to have a MAC based ACL. It also has to be
under $800. All ports have to be gigabit, not just a couple.

I need this because the location where this switch is to be installed
is not really secure. And the patch panel is used by two tenents, which
means that one tenent could sneakily connect a patch wire from the
patch panel to the switch and steal internet, try hacking the server,
or simply infect workstations.

So if you know of any gigabit switches that do this, please post them.

Thanks,
Nite Rider
Back to top
Patrick Schaaf
Guest
Posted: Fri Jul 15, 2005 8:20 am    Post subject: Re: Managed Gigabit Switch with MAC address filtering Reply with quote
"Nite Rider" <niteriderxp@hotmail.com> writes:

Quote:
I need a 24 port managed Gigabit switch that can let people connect to
the network based on their network card's MAC address. If the MAC
address is known then it lets them connect, if the MAC address is not
known then the switch would reject all traffic from the computer.

Are you aware that it is trivial to set the MAC address used by
an end stations to any arbitrary value? If a potential attacker
knows which MAC address is configured on a certain port, they
can disconnect the port, connect their own machine, set the
correct MAC address, and use your service without a chance
for the MAC acl to recognize the situation.

Also, with a switch in an unsecure area, nothing stops a dedicated
attacker from inserting his own switch (at lower bandwidth usage,
maybe even a dumb hub), into the uplink of your switch, circumventing
all measures configured on your switch.

best regards
Patrick
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Ethernet All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB