nanog mailing list archives
Re: Application or Software to detect or Block unmanaged swicthes
From: Kasper Adel <karim.adel () gmail com>
Date: Fri, 8 Jun 2018 10:21:55 -0700
I guess you can do that and more with a Linux-based switch like Cumulus and Pica8. They allow you to do all sorts of things like that because they are open.

On Thursday, June 7, 2018, <keith () contoocook net> wrote:

In my previous life, we used a NAC appliance from Bradford Networks whereby the MAC address of every device needed to be registered or the switch port it was plugged into would be disabled. This kept spurious devices from appearing on the network and worked quite well.

Cheers,
Keith

Sent from my android device.

-----Original Message-----
From: Jason Hellenthal <jhellenthal () dataix net>
To: segs <michaelolusegunrufai () gmail com>
Cc: nanog () nanog org
Sent: Thu, 07 Jun 2018 7:54
Subject: Re: Application or Software to detect or Block unmanaged swicthes

As someone already stated the obvious answers, the slightly more difficult route to be getting a count of allowed devices and MAC addresses, then moving forward with something like ansible to poll the count of MACs on any given port ... if number higher than what's allowed, suspend the port and send a notification to the appropriate parties.

All in all though sounds like a really brash thing to do to your network team and will generally know and have a very good reason for doing so... but not all situations are created equally so good luck.

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

On Jun 7, 2018, at 03:57, segs <michaelolusegunrufai () gmail com> wrote:

Hello All,

Please I have a very interesting scenario that I am on the lookout for a solution for. We have instances where the network team of my company bypass controls and processes when adding new switches to the network. The right parameters that are required to be configured on the switches in order for the NAC solution deployed to have full visibility into end points that connect to such switches are not usually configured. This poses a problem for the security team as they don't have visibility into such devices that connect to such switches on the NAC solution. The network guys usually connect the new switches to the trunk port and they have access to all VLANs.

Is there a solution that can detect new or unmanaged switches on the network, and block such devices, or if there is a solution that blocks users that connect to unmanaged switches on the network even if those users have domain PCs.

Anticipating your speedy response.

Thank You!
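The per-port MAC count check suggested in the quoted reply, sketched as an added example (not code from anyone in the thread). The table layout, port names, the default limit of 2 and the function names are assumptions; the sample table is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a "VLAN  MAC  TYPE  PORT" column layout (assumed format).
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  20    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    aabb.cc00.0001    DYNAMIC     Gi1/0/3
  10    aabb.cc00.0002    DYNAMIC     Gi1/0/3
  10    aabb.cc00.0003    DYNAMIC     Gi1/0/3
  10    0000.5e00.0101    STATIC      Gi1/0/3
  10    aabb.cc00.0101    DYNAMIC     Gi1/0/48
  10    aabb.cc00.0102    DYNAMIC     Gi1/0/48
  10    aabb.cc00.0103    DYNAMIC     Gi1/0/48
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def macs_per_port(table_text):
    """Return {port: set of distinct dynamically learned MACs}."""
    seen = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or unparsable line
        _vlan, mac, kind, port = m.groups()
        if kind.upper() == "DYNAMIC":
            seen[port].add(mac.lower())  # same MAC on two VLANs counts once
    return seen

def ports_over_limit(table_text, default_limit=2, per_port_limit=None, uplinks=()):
    """Ports whose MAC count exceeds the allowed number, known uplinks excluded."""
    per_port_limit = per_port_limit or {}
    over = {}
    for port, macs in macs_per_port(table_text).items():
        if port in uplinks:
            continue  # trunks to managed switches legitimately carry many MACs
        limit = per_port_limit.get(port, default_limit)
        if len(macs) > limit:
            over[port] = sorted(macs)
    return over

if __name__ == "__main__":
    for port, macs in ports_over_limit(SAMPLE_TABLE, uplinks={"Gi1/0/48"}).items():
        print(f"{port}: {len(macs)} MACs learned, review before suspending: {macs}")
```

The uplink list is what keeps approved trunks from being flagged; a port missing from it shows up as over the limit, which is also how an undocumented switch on a trunk would surface.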