DESCRIPTION
A user disconnects the network cable from a client computer and connects it to his laptop. Because the port is open and unsecured, he can continue surfing the network with the NAC appliance unaware that a client switch has occurred.
SOLUTION DETAILS
To prevent other clients from using a port, the port should be secured to allow only the current MAC address to communicate on that port. If any other MAC address (i.e., another client) tries to communicate through the port, port security disables the port.
This solution describes how to configure secure ports.
NOTE: For Cisco switches, best practices include configuring the switch to send an SNMP trap to the NAC appliance to indicate that the port has been disabled for security reasons.
PROCEDURE
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.