[nsp] Using router or switch to detect "other" switches.
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Thu Feb 5 15:52:23 EST 2004
more ammunition for engineering documents i gotta write for ncc
centralization and consolidation taskers around here that utilize
port security based on mac addy.
industry forums are considered valid resources of engineering solutions.
61CS/SCBN - LAAFB NCC
Network Architecture & Engineering Group
delbert.hudson at losangeles.af.mil
From: Church, Chuck [mailto:cchurch at wamnetgov.com]
Sent: Thursday, February 05, 2004 10:58 AM
To: Chapman, Matt; cisco-nsp at puck.nether.net
Cc: Sagon, Keith
Subject: RE: [nsp] Using router or switch to detect "other" switches.
Enabling port security, allowing only 1 mac at a time per port will put a
quick end to the Netgears. Also, I think there is something called
'bpdu-guard' that will let a port function in either port fast mode or with
spanning tree totally off. But if it receives a BPDU on that port, it shuts
it down immediately. Other than that, you could span the VLAN and look for
non-Cisco BPDUs, based on the MAC OUI.
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
cchurch at wamnetgov.com
> -----Original Message-----
> From: Chapman, Matt [mailto:chapmam2 at ocps.k12.fl.us]
> Sent: Thursday, February 05, 2004 9:26 AM
> To: cisco-nsp at puck.nether.net
> Cc: Sagon, Keith
> Subject: [nsp] Using router or switch to detect "other" switches.
> Is it possible to do rogue detection of switches that are not cisco
> similar to how you can use the Cisco Aeronets to detect rogue Access
> We are in a fight to find and replace those pesky little Netgear
> switches that so many people are using to get around pulling a wire or
> even using a cisco 2940.
> -- Matt Chapman
> Matt Chapman
> Network Engineer
> "I think computer viruses should count as life. I think it says
> something about human nature that the only form of life we
> have created
> so far is purely destructive. We've created life in our own image."
> Stephen Hawking (1942 - )
> The information contained in this e-mail message is intended solely
> for the recipient(s) and may contain privileged information. Tampering
> with or altering the contents of this message is prohibited. This
> information is the same as any written document and may be
> subject to all rules
> governing public information according to Florida Statutes.
> Any message
> that falls under Chapter 119 shall not be altered in a manner that
> misrepresents the activities of Orange County Public Schools.
> [References: Florida State Constitution I.24, Florida State Statutes
> Chapter 119, and OCPS Management Directive A-9.]
> If you have received this message in error, or are not the
> named recipient
> notify the sender and delete this message from your computer.
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> archive at http://puck.nether.net/pipermail/cisco-nsp/
cisco-nsp mailing list cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp