Securing network
Hello,
We are still very busy with our project. We want to secure the network. We want to create a situation that not everybody can just plug in an cable en connect their pc with our customer network.
So for switches we will disable ports which are not in use. But then we still have the posibility someone pulls out an cable, atach an switch, and connect an pc to it.
So i was playing arround with authentication. But i don't know exactly how this works. I thought i can enter an mac address under cloud authentication, and under authentication method i can choose for Sign in method: Nebula Cloud Authentication. But it seems it does not work that way.
So i created an user, and when i connect an cable, the internet browser opens and i have to enter the credentials. that works. But, when i delete the user, i can still access the network. So i don't know in which way nebula keeps track of which device is allowed to access the network. The mac addresses are not stored in the cloud authentication part.
Accepted Solution
-
Hi @Dpj
It sounds like you're on the right track to secure your network. To help you achieve this, you can use the MAC Authentication feature on your Nebula switch. This allows you to control which devices are allowed to connect by approving their MAC addresses. With this setup, only trusted devices can access your network, even if someone tries to connect an unauthorized switch or PC.
Here is guide to walk you through the setup:
Note: Not all Nebula switches support the MAC Authentication feature. To confirm if your switch has this capability, please check the device function table on the Nebula CC.
Kay
See how you've made an impact in Zyxel Community this year!
0
All Replies
-
hmmm a little disapointing. even when i don't enter credentials. i still can access other clients. Isn't there anything to give protection for connecting unknown devices to an network?
0 -
If they are on the same subnet its the switch they are on that allow access to other clients.
Their are some way to isolate clients like VLAN for given clients or switch Isolation or having ARP egress to out the port to the USG.
You can also have the switch do DAI (IP Source Guard) so that the client must DHCP to get a IP to which you can have a list of trusted MAC to IP on the USG
0 -
Hi @Dpj
It sounds like you're on the right track to secure your network. To help you achieve this, you can use the MAC Authentication feature on your Nebula switch. This allows you to control which devices are allowed to connect by approving their MAC addresses. With this setup, only trusted devices can access your network, even if someone tries to connect an unauthorized switch or PC.
Here is guide to walk you through the setup:
Note: Not all Nebula switches support the MAC Authentication feature. To confirm if your switch has this capability, please check the device function table on the Nebula CC.
Kay
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 252 USG FLEX H Series
- 270 Security Ideas
- 1.4K Switch
- 72 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight