I want to make my network more secure to prevent intruders accessing and sniffing the data.
I will give a sample network scenario. almost 3 offices with 40 users each is working in a site. There I have 1 3560 and 3 nos 2960 switches. in 3560, I have 4 VLANS configured.
1. Server VLAN
2. Office 1 VLAN
3. Office 2 VLAN
4. Office 3 VLAN
I am using 1 each 2960 dedicated to an office. There is no trunking betwen 3560 and 2960. Access Port is connected to each 2960
We have windows 2008 RODC and DHCP Server in Server VLAN and all clients using Dynamic IP.
I want to prevent any third party to get dynamic IP if he connected to one port, that is used by a dynamic user. ( Some ports are like this, they are not in shutdown state, but the user is away.) If the Thrid party is not getting any IP, he may identify the range and can put manual IP. I want to prevent this users to get access to network also. Please give your suggestions