Ask the Expert

How can I retain security but allow my employees to remain mobile between offices?

Because of past problems, my company implemented MAC filtering where each computer can access the network only through a specific drop (i.e. the one at the employee's desk). This creates a problem because many of my employees travel from office to office and often need to plug in to another person's drop to access e-mail or other network resources. I thought it might make more sense to filter by MAC address at the router. Do you have any suggestions on how I can retain security, but allow my employees to remain mobile between offices?


There are a couple of ways to achieve this.

First, the method of tying the MAC address to the drop works well. For mobile users, you can leave some drops without MAC restriction at certain locations. This will help you identify who's on the network, both by location and drop tag.

Second, MAC filtering can be enabled on gateways/routers to keep unwanted users off your network. By enabling this feature, the device will compare each connecting computer's MAC address against an internal, manually configured list populated by the owner of the router. If the MAC address is on the list, the connection is permitted. While this is a nice feature, do not rely heavily on this form of security.

Third, the best way to achieve this is to use VLANs. VLANs feature port-based access control to help secure switch port access by requiring the client to authenticate itself before being granted access to the network. Data cannot pass through the switch and onto the LAN until the client's identification has been verified. Some of the enterprise switches offer an added security layer that uses a MAC address lock-down scheme to deny port access to any device that is not registered to that port. This will enable you to retain internal security while allowing access to authorized mobile users.

If you need more information, check out our VLANs topic page.

This was first published in August 2005
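As an added example (not part of the original answer), the following sketch audits observed drop/MAC pairs against an inventory to show who is on the network by location and drop tag, as the first option describes. The drop tags, owners, MAC addresses and function names are all constructed for illustration.

```python
import re

# Constructed inventory: MAC -> (owner, home drop). All values are made up.
INVENTORY = {
    "00:11:22:aa:bb:01": ("alice", "NYC-3F-D12"),
    "00:11:22:aa:bb:02": ("bob", "BOS-2F-D07"),
}
# Drops deliberately left without a MAC restriction for travelling staff.
ROAMING_DROPS = {"NYC-3F-D40", "BOS-2F-D40"}

def normalize_mac(raw):
    """Accept 00:11:22:AA:BB:01, 00-11-22-aa-bb-01 or 0011.22aa.bb01."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(drop, raw_mac):
    """Return (status, owner). A MAC can be changed by the client, so the
    owner is only the identity the device claims, not proof of who it is."""
    entry = INVENTORY.get(normalize_mac(raw_mac))
    if entry is None:
        return ("unknown-device", None)
    owner, home = entry
    if drop == home:
        return ("home", owner)
    if drop in ROAMING_DROPS:
        return ("roaming", owner)
    return ("wrong-drop", owner)

def audit(observations):
    """observations: iterable of (drop, mac) pairs as seen on switch ports."""
    report = []
    for drop, raw in observations:
        try:
            status, owner = classify(drop, raw)
        except ValueError:
            status, owner = "malformed", None
        report.append((drop, raw, status, owner))
    return report

# Constructed observations covering each outcome.
OBSERVED = [
    ("NYC-3F-D12", "00-11-22-AA-BB-01"),  # alice at her own desk
    ("NYC-3F-D40", "0011.22aa.bb02"),     # bob visiting, on a roaming drop
    ("NYC-3F-D12", "00:11:22:aa:bb:02"),  # bob plugged into alice's drop
    ("BOS-2F-D40", "de:ad:be:ef:00:01"),  # device not in the inventory
]

if __name__ == "__main__":
    for row in audit(OBSERVED):
        print(*row)
```

The `unknown-device` result on a roaming drop is the case to watch, since those drops carry no MAC restriction.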
