[c-nsp] Good way of finding unauthorized network elements/

Marcelo Zilio ziliomarcelo at gmail.com
Fri Oct 30 15:55:15 EDT 2009


inline

On Fri, Oct 30, 2009 at 5:37 PM, quinn snyder <snyderq at gmail.com> wrote:

> inline comments
>
> On Friday, October 30, 2009, Marcelo Zilio <ziliomarcelo at gmail.com> wrote:
> >
> > A third option (if your switches support it) is to enable port security and
> > maximum mac address numbers on each switchport.
> >
>
> depending on if the device is being used as layer3 and how his
> topology is set up, a single mac address will only be presented to the
> switchport, since the linksys is nat'ing packets.
>
>
Good point. Then you should consider IP Source Guard and ARP Inspection
too... or maybe 802.1x



> if it is in the budget, the cisco wlc's will handle this task nicely,
> however, i am unsure of the technical "licensing" on upgrading from
> autonomous ap's to lwaps.
>
> q.
> >
> > On Fri, Oct 30, 2009 at 4:08 PM, Scott Granados <gsgranados at comcast.net> wrote:
> >
> >> Hi all
> >> I have a general question.  I have a network consisting of about 20 access
> >> switches and 2 core switches.  We have 3 access points that we manage but
> >> think someone might have brought in a linksys or DLink consumer device and
> >> plugged in.  (users, can't live with em, can't shoot em)
> >> Is there a tool or good method that could scan the arp table and look for
> >> Manufacturer ID bits so I could see roughly what's attached where?  Are
> >> there better tools in general or better methods of finding rogue elements
> >> that people may attach?
> >> Any pointers would be appreciated.
> >>
> >> Thanks
> >> Scott
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
>
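
Added example, not part of the original thread: a Python sketch of the ARP-table check Scott asks about, parsing Cisco IOS `show ip arp` output and flagging entries whose manufacturer ID (OUI) is on a watchlist. The watchlist prefixes and the sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed watchlist: OUI (first 3 bytes, lowercase hex) -> vendor label.
# Placeholder prefixes; populate from the IEEE OUI registry for real use.
WATCHLIST = {
    "aabbcc": "consumer-router-vendor-A (placeholder)",
    "ddeeff": "consumer-router-vendor-B (placeholder)",
}

# Matches IOS rows: Protocol Address Age Hardware-Addr Type Interface
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"\S+\s+(?P<intf>\S+)\s*$"
)

def oui(mac):
    """Return the 6-hex-digit OUI of a Cisco dotted MAC (xxxx.xxxx.xxxx)."""
    return mac.replace(".", "").lower()[:6]

def find_suspects(show_ip_arp, watchlist=WATCHLIST):
    """Return (ip, mac, interface, vendor) for every watchlisted OUI."""
    hits = []
    for line in show_ip_arp.splitlines():
        m = ARP_ROW.match(line.strip())
        if not m:
            continue  # header row, "Incomplete" entries, blank lines
        vendor = watchlist.get(oui(m["mac"]))
        if vendor:
            hits.append((m["ip"], m["mac"].lower(), m["intf"], vendor))
    return hits

# Constructed sample of `show ip arp` output.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.20.1              -   0011.2233.4455  ARPA   Vlan20
Internet  10.10.20.37            12   AABB.CC01.9F3E  ARPA   Vlan20
Internet  10.10.20.52             3   0011.2233.7788  ARPA   Vlan20
Internet  10.10.20.60             0   Incomplete      ARPA
Internet  10.10.30.14            45   ddee.ff7a.0c21  ARPA   Vlan30
"""

if __name__ == "__main__":
    for ip, mac, intf, vendor in find_suspects(SAMPLE):
        print(f"{ip:15} {mac}  {intf:8} {vendor}")
```

The interface column here is the layer-3 interface (VLAN); to find the physical access port, look the flagged MAC up in the access switch's MAC address table.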

