[c-nsp] Rogue NAT gateways

Lars Christensen perseusdk at gmail.com
Mon Jul 16 13:16:18 EDT 2012


Hi Dan

As others already have suggested, you should implement DHCP snooping in your network to stop rogue DHCP servers.

To stop the rest, you should take a look at 802.1x and Cisco ISE. With 802.1x, you can make sure who is online and that they are authenticated.
Guest access using 802.1x can limit the access to the network for the guests, so they can't use specific protocols etc. using downloadable ACLs.


Lars Christensen
CCIE #20292



On 16/07/2012 at 00:16, Dan Letkeman wrote:

> Wondering if anyone has any tricks for disabling the use of any NAT
> gateways?  I know the best way is to remove it physically, but in the
> case of guest access and mobile devices it's sometimes difficult to do
> so.  Now that many devices can act as a hotspot, some of these devices
> are becoming difficult to find.  I have looked into ACLs with TTL
> requirements, but I could not seem to get it to work like I wanted.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
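
The two controls suggested in the reply above (DHCP snooping and 802.1X with RADIUS-delivered downloadable ACLs), sketched as a classic IOS access-switch configuration. This is an added example, not configuration from the thread: VLAN 20, the interface names, the RADIUS address 192.0.2.10 and the `<SHARED-SECRET>` placeholder are assumptions, and exact syntax varies by platform and IOS release.

```cisco
! Constructed example values: VLAN 20, Gi0/1 (access), Gi0/24 (uplink),
! RADIUS server 192.0.2.10, <SHARED-SECRET> placeholder.
!
! --- DHCP snooping: DHCP server replies are dropped on untrusted ports ---
ip dhcp snooping
ip dhcp snooping vlan 20
!
! Only the uplink toward the legitimate DHCP server is trusted.
interface GigabitEthernet0/24
 description Uplink toward DHCP server (assumed)
 ip dhcp snooping trust
!
! --- 802.1X: hosts authenticate through RADIUS (for example Cisco ISE) ---
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 key <SHARED-SECRET>
! Accept vendor-specific attributes, which carry the downloadable ACL name.
radius-server vsa send authentication
! Device tracking lets the switch bind a downloaded ACL to the host address.
ip device tracking
!
! Access ports stay untrusted for DHCP snooping (the default) and are
! rate-limited for DHCP packets; the port forwards only after authentication.
interface GigabitEthernet0/1
 description Guest/user access port (assumed)
 switchport mode access
 switchport access vlan 20
 ip dhcp snooping limit rate 15
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
```

`show ip dhcp snooping binding` and `show authentication sessions interface GigabitEthernet0/1` show the resulting lease bindings and the per-port authentication state.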


