nanog mailing list archives

Re: Application or Software to detect or Block unmanaged switches


From: Brad <brad () persius net>
Date: Fri, 08 Jun 2018 17:30:04 -0600



I like the idea of using a quarantine network by default with a captive portal assistant to permit certain levels of access if needed. Fairly easy to set up on LAN and WiFi networks with no problem. Just depends on what you are trying to secure; easy to set up audits with MAC tables and SNMP data either way.

Brad

-------- Original message --------
From: Ben Cannon <ben () 6by7 net>
Date: 6/8/18 13:28 (GMT-07:00)
To: Kasper Adel <karim.adel () gmail com>
Cc: nanog () nanog org
Subject: Re: Application or Software to detect or Block unmanaged switches

I’ve got an easy way to do this, I confiscate ‘em ;)

As others have said, this is a management problem.  Untrustworthy parties shouldn’t have physical access to your trunk 
ports.

That said, Layer 2 MAC ACLs should block everything and allow only your switches.

Also, do you have lit trunk ports just floating in space?   You shouldn’t...
