[c-nsp] preventing unwanted devices on the network

Matthew Crocker mcrocker at crocker.com
Sat May 31 23:00:38 EDT 2008


802.1x provides Ethernet (layer 2) access control. You enable it on
your switch ports and all Ethernet devices need to authenticate.
Using RADIUS, you can assign authenticated users to various VLANs,
etc. Your devices need to support 802.1x in order to authenticate, but
most modern OSes have .1x clients.

http://www.cisco.com/en/US/products/ps6662/products_ios_protocol_option_home.html


On May 31, 2008, at 5:30 PM, Dan Letkeman wrote:

> Hello,
>
> I'm looking for the best way to prevent unwanted wireless routers or
> other unwanted bridging devices on a network.  For example a wireless
> router with the wan port plugged in to the network or a router in
> bridging mode with dhcp off.
>
> From other posts I have read about using dhcp snooping.  I'm wondering
> if it works when someone plugs in a router into a switch because the
> "wan" port will only request an address, the dhcp will be on the
> router's "lan" side.
>
> Also I would like to prevent unwanted static ip addresses on this
> network as well.  My current setup is a 3560 switch which has multiple
> 2960 switches connected to it.  I would like to prevent this type of
> traffic right at the edge ports.  Would an access list be the
> appropriate way to protect this?  Unfortunately port security will not
> work for us.
>
> Thanks,
> Dan.

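An edge-port 802.1X configuration of the kind the reply describes, added here as an example and not taken from the original post. It assumes the older `dot1x` interface syntax of 12.2-era IOS on Catalyst 2960/3560 switches (later releases use `authentication port-control auto` instead); the RADIUS address, shared secret, VLAN number and interface range are constructed placeholders.

```cisco
! Constructed example values: RADIUS server 192.0.2.10, VLAN 10,
! FastEthernet0/1 - 24 as the user-facing edge ports.
!
! Enable AAA and send 802.1X authentication requests to RADIUS.
aaa new-model
aaa authentication dot1x default group radius
!
! Allow RADIUS to return network authorization attributes.
! Without this line, RADIUS-assigned VLANs are ignored.
aaa authorization network default group radius
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! Turn on 802.1X globally; per-port settings have no effect without it.
dot1x system-auth-control
!
! Edge ports: no traffic is forwarded until the attached device authenticates.
interface range FastEthernet0/1 - 24
 switchport mode access
 ! Fallback VLAN used when RADIUS returns no VLAN for the user.
 switchport access vlan 10
 dot1x pae authenticator
 dot1x port-control auto
 ! One authenticated client per port.
 dot1x host-mode single-host
 spanning-tree portfast
!
! RADIUS reply attributes the switch uses for per-user VLAN assignment
! (configured on the RADIUS server, not on the switch):
!   Tunnel-Type             = VLAN
!   Tunnel-Medium-Type      = 802
!   Tunnel-Private-Group-ID = <VLAN name or ID>
```

`show dot1x all` and `show dot1x interface FastEthernet0/1` report the per-port authentication state once clients connect.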