

Messages - madrivermadonus

Security / security on network, 801.1x,vlans,or?
October 02, 2022, 02:39:39 AM

I have a Cisco CBS250 switch and I am trying to find out the best practices to add more security on my network without adding a firewall.
I have the ISP's router, a Cisco CBS250 switch, a NAS, IP cameras, 3 desktops and 4 laptops.
First I thought to create VLANs to segment the LAN, but I will lose access to every device (e.g. IP camera, NAS).

Second I thought to disable DHCP on the router and do IP and MAC binding as the best practice for security in case "someone" disconnects the outside camera and adds a laptop to get into my LAN. Of course this is dysfunctional for adding new users, but it is more secure because it is forbidden to add a new device to the LAN without adding it through the router in the ARP table.

Third I thought to create ACLs, but this helps with routing (permit/deny) from specific users (IPs) to another. I think this cannot help with the camera scenario above.

It would help if the switch supported dynamic VLAN (MAC based), but it doesn't (only the 350 series), and if I could add security per port by setting the maximum devices per MAC to "1", so if "someone" adds a laptop (new MAC) he will be locked out.

There are several ways to add security, but I am interested in making some kind of rule for a specific port that will allow only the camera to connect to the network, and in case "someone" connects a new device he will be banned from the LAN.

Please, I want your ideas and suggestions.
Thank you