2.6. Ensuring only known devices can use a network
Notice that in creating these rules some fields were not used. They could be used to refine or narrow the
focus of the rule.
Finally the ACLs created were bound to ports on the switch. This was done using the switch menu
sequence:
Security → ACL → Basic → MAC Binding Configuration
to bring up the MAC Binding Configuration screen. The ACL name pinter-pc2 was selected
from the ACL ID pull down menu. The Unit 1 tag of the Port Selection Table was clicked, then
the selection box under port 19 was clicked resulting in a tick mark being inserted. Then the APPLY
button at the bottom of the screen was clicked. The ACL name nac-pc1 was then selected from the
ACL ID pull down menu and port 7 selected from the Port Selection Table before clicking the
APPLY button. After each click of the APPLY button an entry was added under the heading Interface
Binding Status briefly describing the ACL to port binding.
The security design was then complete.
2.6.5 Testing
Testing was performed using ping. Before any ACLs were configured and applied, PC 1 and PC 2 could
ping all devices on the network of Figure 2.5. After application of the first ACL, PC 1 could ping all
devices of the network. PC 2 could only ping the printer (d0:bf:9c:bd:4b:4d). After application of
the second ACL, PC 1 could only ping the NAS (28:c6:8e:d5:ed:08) and PC 2 only the printer. The
security design was working.
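The three test stages above can be reproduced with a small model of port-bound MAC ACLs. This is an added example, not the switch's own logic or configuration taken from this report. It assumes that each ACL holds a single permit rule on destination MAC followed by an implicit deny, that PC 1 is on port 7 and PC 2 on port 19, and it uses constructed MAC addresses for the PCs and for a stand-in "other" device; ARP and broadcast traffic are not modelled.

```python
# Added model of port-bound MAC ACLs; not the switch's own logic.
from dataclasses import dataclass
from typing import Optional

PRINTER = "d0:bf:9c:bd:4b:4d"      # from the page
NAS = "28:c6:8e:d5:ed:08"          # from the page
OTHER = "02:00:00:00:00:01"        # constructed: stands for any other device
TARGETS = {"printer": PRINTER, "NAS": NAS, "other": OTHER}
# Assumed from the test results: PC 1 is on port 7, PC 2 on port 19.
# The PC MAC addresses are constructed placeholders.
PCS = {"PC 1": (7, "02:00:00:00:00:11"), "PC 2": (19, "02:00:00:00:00:12")}

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src_mac: Optional[str] = None   # None: field left unused, matches any value
    dst_mac: Optional[str] = None

    def matches(self, src: str, dst: str) -> bool:
        return self.src_mac in (None, src) and self.dst_mac in (None, dst)

# Assumed rule contents (the rules themselves are outside this section).
ACLS = {
    "pinter-pc2": [Rule("permit", dst_mac=PRINTER)],
    "nac-pc1": [Rule("permit", dst_mac=NAS)],
}

def forwarded(bindings: dict, port: int, src: str, dst: str) -> bool:
    """First matching rule decides; a bound ACL ends in an implicit deny (assumed)."""
    acl = bindings.get(port)
    if acl is None:
        return True                 # no ACL bound to this port
    for rule in ACLS[acl]:
        if rule.matches(src, dst):
            return rule.action == "permit"
    return False

def pingable(bindings: dict, pc: str) -> list:
    """Targets the PC can ping; replies enter via ports with no ACL bound."""
    port, mac = PCS[pc]
    return sorted(n for n, dst in TARGETS.items() if forwarded(bindings, port, mac, dst))

STAGES = {
    "no ACLs": {},
    "first ACL": {19: "pinter-pc2"},
    "both ACLs": {19: "pinter-pc2", 7: "nac-pc1"},
}

if __name__ == "__main__":
    for name, bindings in STAGES.items():
        print(name, {pc: pingable(bindings, pc) for pc in PCS})
```

Narrowing a rule by also setting `src_mac` would make the permit apply only to frames from that one PC, which is the refinement the unused fields allow.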