Port Security

Dpj · October 12

Hello,

An other thing what i am missing. (or i cannot find it)

Port security. We want to secure all networks of our customers for unknown devices. the first option i was thinking about is mac vlan. So i can put known devices in a seperated vlan automatically. But i cannot find it, so next thing was port security. (learning maximum ammount of mac addresses.) but i cannot find it eather.

What are other approaches to secure our networks?

(of course we can disable ports, but we must do that manually.) And in my oppinion MAC based vlan would be perfect.

and when i see vendorID vlans do exist, MAC based vlan is not much different. It should not be to difficult to implement it in Nebula.

yours dennis

PeterUK · October 12

Really when you look at it if something bad is on your LAN that you allowed to be connected then knowing what to trust and not becomes hard there is no automatically way to know what to trust and what not.

A switch can do learning maximum amount of mac addresses per port and you can ACL MAC list

It be best to have the end device you trust with a VLAN tag and unknown devices untag of course if a unknown device works out the tag and MAC in place of a trusted device then that can happen

Dpj · October 12

Ah i see my question is not complete. I mean i miss those settings in Nebula. The image you show seems to be on premise…

PeterUK · October 12

Yes I don't know why they did Nebula without all the options like it be easier to have the firewall/switch connect to Nebula as a relay for all the settings