Slashdot Mirror


How Do You Handle Ethernet Port Management?

MTL-Stalker asks: "I am currently investigating the best way to handle Ethernet port management for an organization with over 75,000 Ethernet ports spread out over 700+ sites. I was wondering how members of the Slashdot community are handling this issue in their organizations? Obviously this is as much a business process issue as a technological solution. In today's threat-filled networks, it seems like asking for trouble to rely on a simple switch-based 'port enabled/port disabled' methodology. Do you think Cisco-style port security (tying a MAC address to a particular port) or PACLs (port access control lists) are worth the effort? Are products like Cisco Campus Manager or HP OpenView worth the cost and deployment headaches? Do they address your security concerns? How many of you are using homegrown scripting and/or SNMP solutions? How many ports can you effectively manage with these solutions? I would also be interested in knowing what industries these solutions are being implemented in."

2 of 133 comments

  1. Guest-Intruder VLAN by chill · Score: 5, Informative

    I've always had good luck with not necessarily tying a MAC to a port, but rather a list of approved MACs. MAC not approved gets automatically shunted to an isolated VLAN. If they bring up a browser all they see is a "welcome guest, call IT" screen. Both Cisco and HP switches can do this.

    --
    Learning HOW to think is more important than learning WHAT to think.
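
The approved-MAC list with a guest VLAN fallback described in the comment above, sketched as a homegrown audit script. This is an added example, not code from the thread or from any switch vendor. The VLAN IDs, port names, MAC addresses and the rule that one unapproved MAC moves the whole port to guest are all assumptions made for illustration.

```python
import re

GUEST_VLAN = 999  # assumed ID for the isolated "welcome guest, call IT" VLAN

# Constructed allowlist: approved MAC -> production VLAN (notation varies by source).
APPROVED = {"00:1A:2B:3C:4D:5E": 10, "0050.56ab.cdef": 20}

# Constructed sample of learned addresses: (switch port, MAC as the switch prints it).
LEARNED = [
    ("Gi1/0/1", "001a.2b3c.4d5e"),     # approved, dotted notation
    ("Gi1/0/2", "00-50-56-AB-CD-EF"),  # approved, dashed notation
    ("Gi1/0/3", "de:ad:be:ef:00:01"),  # not on the list
    ("Gi1/0/4", "001a.2b3c.4d5e"),
    ("Gi1/0/4", "aa:bb:cc:dd:ee:ff"),  # unapproved device sharing an approved port
    ("Gi1/0/5", "not-a-mac"),          # unparseable entry
]

def normalize_mac(raw):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def build_allowlist(approved):
    """Normalize the keys once so lookups do not depend on vendor notation."""
    return {normalize_mac(mac): vlan for mac, vlan in approved.items()}

def vlan_for(raw_mac, allowlist, guest_vlan=GUEST_VLAN):
    """Approved MACs get their VLAN; unknown or unparseable ones fail closed to guest."""
    try:
        return allowlist.get(normalize_mac(raw_mac), guest_vlan)
    except ValueError:
        return guest_vlan

def port_decisions(learned, allowlist, guest_vlan=GUEST_VLAN):
    """One decision per port: a single unapproved MAC sends the whole port to guest."""
    decisions = {}
    for port, raw_mac in learned:
        vlan = vlan_for(raw_mac, allowlist, guest_vlan)
        if decisions.get(port) != guest_vlan:
            decisions[port] = vlan
    return decisions

if __name__ == "__main__":
    for port, vlan in port_decisions(LEARNED, build_allowlist(APPROVED)).items():
        print(port, "guest" if vlan == GUEST_VLAN else vlan)
```
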
    1. Re:Guest-Intruder VLAN by Anonymous Coward · Score: 5, Funny
      I've always had good luck with not necessarily tying a MAC to a port, but rather a list of approved MACs.


      You guys always try to do things the hard way. For true ethernet port management just use this.