[c-nsp] Good way of finding unauthorized network elements/

quinn snyder snyderq at gmail.com
Fri Oct 30 15:37:03 EDT 2009


inline comments

On Friday, October 30, 2009, Marcelo Zilio <ziliomarcelo at gmail.com> wrote:
>
> A third option (if your switches support it) is enable port security and
> maximum mac address numbers on each switchport.
>

depending on if the device is being used as layer3 and how his
topology is set up, a single mac address will only be presented to the
switchport, since the linksys is nat'ing packets.

if it is in the budget, the cisco wlc's will handle this task nicely,
however, i am unsure of the technical "licensing" on upgrading from
autonomous ap's to lwaps.

q.
>
> On Fri, Oct 30, 2009 at 4:08 PM, Scott Granados <gsgranados at comcast.net> wrote:
>
>> Hi all
>> I have a general question.  I have a network consisting of about 20 access
>> switches and 2 core switches.  We have 3 access points that we manage but
>> think someone might have brought in a linksys or DLink consumer device and
>> plugged in.  (users, can't live with em, can't shoot em)
>> Is there a tool or good method that could scan the arp table and look for
>> Manufacturer ID bits so I could see roughly what's attached where?  Are
>> there better tools in general or better methods of finding rogue elements
>> that people may attach?
>> Any pointers would be appreciated.
>>
>> Thanks
>> Scott
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
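
The manufacturer-ID (OUI) lookup asked about in the original question, as an added example that is not part of the thread: it parses a switch MAC address table and reports access ports where a watched vendor prefix was learned. A NAT'ing router still shows its own single MAC on the port, so the vendor prefix remains visible even when a per-port MAC limit is not exceeded. The table text, MAC addresses, port names and function names are constructed for illustration, and the OUI list is a small subset that would normally be loaded from the IEEE registry.

```python
import re

# Illustrative subset of IEEE OUI assignments (assumption: in practice,
# load the full registry file published by the IEEE instead).
WATCHED_OUIS = {
    "000625": "Linksys",
    "000c41": "Cisco-Linksys",
    "00055d": "D-Link",
    "000d88": "D-Link",
}

# Constructed sample in the layout of IOS "show mac address-table" output.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0006.25a1.b2c3    DYNAMIC     Fa0/7
  10    001e.4f11.2233    DYNAMIC     Fa0/8
  10    000d.88aa.bbcc    DYNAMIC     Gi0/1
  20    000C.41DE.AD01    DYNAMIC     Fa0/12
Total Mac Addresses for this criterion: 4
"""

# vlan, dotted-hex MAC, entry type (ignored), port
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Yield (vlan, mac_hex, port) per table row; headers and footers are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, port = m.groups()
            yield int(vlan), mac.replace(".", "").lower(), port

def find_suspects(text, uplinks=()):
    """Return [(port, vlan, mac, vendor)] for watched OUIs learned on access ports."""
    hits = []
    for vlan, mac, port in parse_mac_table(text):
        vendor = WATCHED_OUIS.get(mac[:6])
        # MACs learned on an uplink sit behind another switch; check them there.
        if vendor and port not in uplinks:
            hits.append((port, vlan, mac, vendor))
    return hits

if __name__ == "__main__":
    for port, vlan, mac, vendor in find_suspects(SAMPLE_TABLE, uplinks={"Gi0/1"}):
        print(f"{port} vlan {vlan}: {mac} ({vendor})")
```

Run it against each access switch's table and pass that switch's trunk ports as `uplinks`, so a device is reported once, on the port where it is physically attached.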