The use of HUBs in a switched network.

We are using a switched 100 Mbit network with Cisco switches (mostly 2950 with 4006 core switch). There are people over here who want to "expand" their connection numbers in their office by hooking up a HUB into the network. However, HUBs can generate lots of timing errors in a high speed switched network. Is there any way to find these HUBs other than checking every office every day :)....

Thanks for your help.
Todos Asked:
 
martijnt Commented:
Hi,

a follow-up on my previous comment:

I looked up your Switch type (2950) at the Cisco website and found the following:

"The Cisco Catalyst 2950 Series switches offer enhanced data security through a wide range of security features. These features allow customers to provide network security based on users and/or MAC addresses. The security enhancements are available free-of-charge by downloading the latest software release for the Catalyst 2950 switches."

Here's the link:
"http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_sheet09186a008008889f.html"

0
 
martijnt Commented:
Hi,

Since you are using Cisco switches on your network you can probably enable per port security. That way you can limit the number of attached MAC addresses per port.

As you probably know, every network interface has a MAC address. So if you connect two machines to a hub which is connected to a switch, there are (at least) two MAC addresses connected to that single port on your switch.

If you want to make sure that no more than one system is attached to a single port of your switch, enable the port security. At this point I cannot tell you how to do that, but there is a big chance that your switches support it and that it is mentioned in the manual...

Sincerely,

Martijn Tigchelaar.
0
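As an added example (not part of the original thread or any poster's code), the multiple-MACs-per-port observation above can be turned into a remote check: this Python script parses `show mac-address-table` output and lists access ports that learned more than one dynamic MAC. The sample output, its addresses and the uplink port name are constructed; more than one MAC can also mean an unmanaged switch or a host running virtual machines, not only a hub.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac-address-table` output from a Catalyst 2950
# (MAC addresses and port layout are made up for this example).
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0009.7c4b.1a01    DYNAMIC     Fa0/1
   1    000a.b7d2.3c10    DYNAMIC     Fa0/2
   1    000a.b7d2.3c11    DYNAMIC     Fa0/2
   1    0010.a4f3.9e77    DYNAMIC     Fa0/2
  10    000a.b7d2.3c10    DYNAMIC     Fa0/2
   1    0002.b3aa.0001    STATIC      Fa0/3
   1    0030.6e11.2201    DYNAMIC     Gi0/1
   1    0030.6e11.2202    DYNAMIC     Gi0/1
   1    0030.6e11.2203    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 9
"""

# vlan, dotted-hex MAC, entry type, port
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.I)

def macs_per_port(output):
    """Return {port: set of MACs} for dynamically learned entries only."""
    ports = defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            # A set deduplicates a MAC seen in several VLANs on one port.
            ports[m.group(4)].add(m.group(2).lower())
    return ports

def suspect_ports(output, uplinks=(), max_macs=1):
    """Access ports that learned more than max_macs distinct MACs."""
    return {port: sorted(macs)
            for port, macs in macs_per_port(output).items()
            if port not in uplinks and len(macs) > max_macs}

if __name__ == "__main__":
    # Gi0/1 is assumed to be the uplink to the core, so it is excluded.
    for port, macs in sorted(suspect_ports(SAMPLE, uplinks={"Gi0/1"}).items()):
        print(f"{port}: {len(macs)} MACs -> {', '.join(macs)}")
```

Uplinks and trunks toward the core always carry many addresses, so they have to be listed in `uplinks` for the result to be meaningful.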
 
Steve Jennings, IT Manager, Commented:
As martijnt says, just shut down the switch ports that aren't in use and associate the workstation MAC address with a specific switch port . . . that'll fix those lousy users. They're always wanting something, aren't they?
0

 
epylko Commented:
Hubs do not in and of themselves generate lots of timing errors on a network.  Poor network design will do that.  Anyone remember the 5-4-3 rule?

If someone wants to add a few more ports in their office, let them.  Make sure that all the devices connected to it are running half-duplex and you should be good to go.

Also, make sure you have spanning tree turned on - I could imagine someone thinking that if his office connection is fast, using his neighbor's connection into the hub will double their performance.

-Eric
0
 
Todos (Author) Commented:
Martijnt,

Thanks for the hunch, I looked it up too... there are plenty of options I see to close things up. I think I will not associate the MAC addresses to a specific port, because there are also laptops on several ports that change randomly (and there are over 800 computers..).

Eric: I do believe that cheap HUBs WILL generate timing errors on your network, and if I'm not mistaken the 5-4-3 rule doesn't completely apply to a 100 Mbit switched network....

Anyway thanks for your help guys!!!

grtz
0
 
epylko Commented:
Hubs apply to the 5-4-3 rule.  Switches do not (unless they are purely store-and-forward which most are today).

OK, so you _believe_ the hubs _will_ generate timing errors.  Please explain your belief.  Perhaps I am wrong. Do you mean collisions?  Those are perfectly normal and acceptable in Ethernet.  Again, since switches are store-and-forward, your 2950 or 4006 will not forward a frame until the entire frame has been received.  Any "timing errors" won't be propagated anyway.

-Eric
0
 
Todos (Author) Commented:
Martijnt,

I believe you are Dutch, hence my question in Dutch. I have configured port-security on the 2950 switch. According to the documentation, the restrict violation option should send a trap to the NMS when the maximum number of MAC addresses is exceeded. I do see my counter increase when I let a second MAC address attach to the interface via the HUB, but no traps are sent. Do you perhaps have a bit more experience with this?

Thanks in advance.

Regards,

Mark
0