Securing network

Dpj
Dpj Posts: 38  Freshman Member
First Comment First Anniversary

Hello,
We are still very busy with our project. We want to secure the network. We want to create a situation that not everybody can just plug in an cable en connect their pc with our customer network.
So for switches we will disable ports which are not in use. But then we still have the posibility someone pulls out an cable, atach an switch, and connect an pc to it.
So i was playing arround with authentication. But i don't know exactly how this works. I thought i can enter an mac address under cloud authentication, and under authentication method i can choose for Sign in method: Nebula Cloud Authentication. But it seems it does not work that way.

So i created an user, and when i connect an cable, the internet browser opens and i have to enter the credentials. that works. But, when i delete the user, i can still access the network. So i don't know in which way nebula keeps track of which device is allowed to access the network. The mac addresses are not stored in the cloud authentication part.

Accepted Solution

All Replies

  • Dpj
    Dpj Posts: 38  Freshman Member
    First Comment First Anniversary

    hmmm a little disapointing. even when i don't enter credentials. i still can access other clients. Isn't there anything to give protection for connecting unknown devices to an network?

  • PeterUK
    PeterUK Posts: 3,443  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited November 15

    If they are on the same subnet its the switch they are on that allow access to other clients.

    Their are some way to isolate clients like VLAN for given clients or switch Isolation or having ARP egress to out the port to the USG.

    You can also have the switch do DAI (IP Source Guard) so that the client must DHCP to get a IP to which you can have a list of trusted MAC to IP on the USG

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,170  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @Dpj

    It sounds like you're on the right track to secure your network. To help you achieve this, you can use the MAC Authentication feature on your Nebula switch. This allows you to control which devices are allowed to connect by approving their MAC addresses. With this setup, only trusted devices can access your network, even if someone tries to connect an unauthorized switch or PC.

    Here is guide to walk you through the setup:

    Note: Not all Nebula switches support the MAC Authentication feature. To confirm if your switch has this capability, please check the device function table on the Nebula CC.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Nebula Tips & Tricks