nanog mailing list archives
Re: Application or Software to detect or Block unmanaged switches
From: Alan Buxey <alan.buxey () gmail com>
Date: Fri, 8 Jun 2018 20:12:12 +0100
as already said - this can be covered with adequate processes and management (even so far as, not doing your job right? time for HR...).

however, there are many ways to ensure that random ports aren't doing anything other than what they should be doing - most of these are L2 security features - port-security, BPDU Guard, default VLAN pruning, along with other protections such as DHCP snooping etc.

however, if it's the network team doing this - then they could just turn those things off anyway - so you need to also ensure all managed switch configs have their configs audited and checked - grabbed by SNMP and checked/audited against known template etc etc. if a switch cannot be audited then disconnect its uplink... but then your end users/customers no longer have connections - which is why it's really down to management processes.

WHY are they doing this? there could be other reasons why due process isn't being followed other than e.g. incompetence, malice, laziness etc.

alan
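The template audit described in the message above, as an added example that is not part of the original post: it checks a retrieved switch config for the L2 protections the message names. It assumes Cisco IOS-style syntax and a constructed sample config; retrieving the config (for instance by SNMP) is not shown, and the required-line lists are an assumed policy.

```python
import re

# Constructed sample: an IOS-style running config as pulled for audit.
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""

# Assumed template: lines every access port / every switch must carry.
ACCESS_PORT_REQUIRED = ["switchport port-security", "spanning-tree bpduguard enable"]
GLOBAL_REQUIRED = ["ip dhcp snooping"]

def parse_config(text):
    """Split a config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # separators and blank lines carry no settings
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line[0] == " " and current is not None:
            current.append(line.strip())  # indented: belongs to the interface
        else:
            current = None  # unindented line ends the interface stanza
            global_lines.append(line)
    return global_lines, interfaces

def audit(text):
    """Return a sorted list of (scope, missing_line) template deviations."""
    global_lines, interfaces = parse_config(text)
    findings = [("global", r) for r in GLOBAL_REQUIRED if r not in global_lines]
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks are outside this access-port template
        findings += [(name, r) for r in ACCESS_PORT_REQUIRED if r not in lines]
    return sorted(findings)

if __name__ == "__main__":
    for scope, missing in audit(SAMPLE_CONFIG):
        print(f"{scope}: missing '{missing}'")
```

Run against every managed switch on a schedule, a non-empty result is the signal that a protection was turned off or never applied.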