This new set of features can help you lock down Layer 2 access to your network, and refine policies on a per-device level. If you normally enforce device-level authentication on a particular port but wish to make an exception for the CEO’s personal laptop, you can now easily do so.Įnabling MAC whitelisting for selected ports. Branch retailers, for example, might find MAC whitelisting useful if they wish to allow only certain devices on their network but don’t want to manage the added complexity of a RADIUS server.Īdditionally, you may want to allow specific devices to be whitelisted through a switch port even though MAC-based authentication is required. Enabling the feature in this case will block all access to a switch port except for the specified MAC addresses. MAC whitelisting is valuable for networks that aren’t hosting an on-site RADIUS server.
In the image below, for example, we’ve blocked all DHCP servers by default, except for our authorized server with MAC address aa:bb:cc:dd:ee:ff-this helps secure us from rogue DHCP servers which may be added to the network at any time.Ĭonfiguring rogue DHCP server containment for a Cisco Meraki network only takes one click. Simply set a policy to allow or block identified DHCP servers, then specify any exceptions to the rule. Configuring a DHCP server policy is easy. MS switches now perform DHCP snooping to identify which devices are responding to DHCP requests on your network, so you can automatically detect and block unauthorized, rogue devices. Now, you can dictate port access at the device level, enabling more granular control.Įnabling MAC-based RADIUS authentication in a policy to be applied to specific ports. When enabled, this feature requires authentication for each MAC address accessing a switch port.
Furthermore, not all devices support 802.1X authentication, limiting the security scope of the port-based approach.Įnter MAC-based RADIUS authentication. If you’re trying to secure your organization’s switch infrastructure, we’ve got great news for you: Cisco Meraki switches now supportĪll Meraki MS switches support 802.1X wired authentication, which allows the configuration of port-based access policies by using user credentials for authentication, but until now our switches didn’t allow for device-based policies.
CISCO MAC ADDRESS BLOCK UPDATE
Our latest firmware update brings MAC-based RADIUS authentication, one-click DHCP server containment, and MAC whitelisting to your switch network
0 kommentar(er)
