Best Practice for Port Security Setup

Our organization has roughly 60 locations with mainly one Adtran NetVanta 1234 Switch at each location, but some have 2.  Our main location has roughly 10 switches.  We are looking at implementing port security and were looking for some best practice help from the community to assist.  We were thinking to deploy a certificate out to the workstations, and when the workstation is plugged in it authenticates itself using this preinstalled certificate and the port activates.  For devices that don't support the certificate method (printers, etc.) we could use MAC Address authentication, and configure the ports to strictly use the MAC Address authentication.

Most of our workstations are static and stay plugged into the same ports.  But we do have just a few laptop users.  We also have VoIP phones on a different VLAN that are plugged into the switch (the network runs from the switch to the phone, and then from the phone to the workstation).

Is this the best way to implement with the Adtrans?  Is there another option?  What do most users do that offers the most convenience with the least amount of administrative headaches, but still allows for security?

Thanks for any options or opinions!

