Slashdot Mirror


How Do You Handle Ethernet Port Management?

MTL-Stalker asks: "I am currently investigating the best way to handle Ethernet port management for an organization with over 75,000 Ethernet ports spread out over 700+ sites. I was wondering how members of the Slashdot community are handling this issue in their organizations? Obviously this is as much a business process issue as a technological solution. In today's threat-filled networks, it seems like asking for trouble to rely on a simple switch-based 'port enabled/port disabled' methodology. Do you think Cisco-style port security (tying a MAC address to a particular port) or PACLs (port access control lists) are worth the effort? Are products like Cisco Campus Manager or HP OpenView worth the cost and deployment headaches? Do they address your security concerns? How many of you are using homegrown scripting and/or SNMP solutions? How many ports can you effectively manage with these solutions? I would also be interested in knowing what industries these solutions are being implemented in."

11 of 133 comments

  1. My dad's solution by The MAZZTer · Score: 1, Funny

    He just blocks everything except HTTP/HTTPS and FTP, so I'm stuck using Tor for anything else. >:(

  2. Serious business by voice_of_all_reason · Score: 3, Funny

    The internet: Homework Help for both teenagers and network administrations :)

  3. Re:Guest-Intruder VLAN by Anonymous Coward · Score: 5, Funny
    I've always had good luck with not necessarily tying a MAC to a port, but rather a list of approved MACs.


    You guys always try to do things the hard way. For true ethernet port management just use this.
  4. Too easy... by __aaclcg7560 · Score: 3, Funny

    One port at a time! The best part is that you don't need to be an MCSE tech to figure that one out.

  5. Obligatory by The Living Fractal · Score: 1, Funny

    "I read it as Ethernet Porn Management"

    "In which case, I'd use a COMdom"

    Feel the karma burn. Ahh but how, -1 Redundant, Offtopic or simply Overrated? Hit me with it.

    TLF

    --
    I do not respond to cowards. Especially anonymous ones.
  6. Why? by Dolda2000 · Score: 3, Funny

    I'm not exactly in charge of any large area networks, so I'm probably just ignorant, but why would you want to limit physical Ethernet access to begin with? All your actual services are properly authenticated, aren't they? Is it for DoS prevention or proactive security or something completely else?

  7. Huh? by StarKruzr · Score: 2, Funny

    I don't get it. Your dad does this to your house?

    --

    +++ATH0
  8. 75k ports by bockafer · Score: 2, Funny

    They are all on VLAN 1 aren't they?

  9. simple by Keruo · Score: 3, Funny

    Use epoxy. Just mix the two compounds and fill in unused ports.
    Great security-wise but kinda limits future expanding.

    --
    There are no atheists when recovering from tape backup.
  10. Re:Guest-Intruder VLAN by computational super · Score: 2, Funny
    Where do you work, the NSA?

    No, actually that's just his dad's home network.

    --
    Proud neuron in the Slashdot hivemind since 2002.
  11. Re:Guest-Intruder VLAN by cybrix · Score: 3, Funny

    Is that what they use for broadband over powerline?