Rogue Access Points

Hi, is there a way to scan for rogue access points and possibly block someone from plugging one into a network? I use Cisco switches and am unsure if there is a command to prevent this.

1 Solution
Randy Downs (Owner) commented:
Your best defense is disabling DHCP. Then they would have to be able to set up a static IP.
Randy Downs (Owner) commented:
You could try some of these to see if you detect unknown devices.

You could use a product like GFI LANguard or SolarWinds User Device Tracker. These do more detection and auditing, but that is an important first step. Once you get an alert that a rogue device has been plugged in, you can go in and disable that port on your switch, or go unplug it manually.

To help minimize that risk on secure networks such as hospitals, all ports that are not currently in use are disabled, and a request to IT must be made to turn one on. That may be overkill or not possible for you, though; it usually depends on your management's attitude.
Fortinet has some devices which will detect and then interfere with rogue access points, while providing you with controlled wireless. You can control which APs are OK, and then interfere with the others so they don't get used.
You could also set up port security on the access ports of your Cisco switches. This limits the number of MAC addresses that can access a switch port.

See http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html for details.
Jack_son (Author) commented:
I won't be able to spend any money. If you use port access, or the switch, could I block Netgear and Linksys MAC addresses somehow?
Without getting a full database of all allocated MAC addresses, I don't know how you could achieve this. Another technology you could investigate is 802.1X. See http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html for more details. I think you can use your Windows servers as the authentication server and integrate it with AD.
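The two ideas raised in this thread, limiting how many MAC addresses an access port may learn (what port security enforces) and checking learned addresses against vendor OUI prefixes (what the author asked about), can both be run as a quick audit against a switch's MAC address table. The script below is an added example written for this page; it is not code from any of the answers or from Cisco. It parses text in the layout of Cisco IOS `show mac address-table` output, with the table contents here being constructed sample data, and flags any non-uplink port that has learned more than one MAC or a MAC whose prefix is in a vendor table. The `CONSUMER_AP_OUIS` entries are placeholders, not real IEEE assignments; a real run would load the IEEE OUI registry (which is the "full database" the answer above refers to).

```python
"""Audit a switch MAC table for ports that look like a hub, switch or access
point was plugged in: more than one learned MAC, or a flagged-vendor OUI.

Added example for this thread; not code from the original answers. The MAC
table text and the OUI table are constructed sample data.
"""
import re
from collections import defaultdict

# Constructed sample output in Cisco IOS 'show mac address-table' layout.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56aa.0001    DYNAMIC     Gi1/0/1
  10    0050.56aa.0002    DYNAMIC     Gi1/0/2
  10    0050.56aa.0003    DYNAMIC     Gi1/0/7
  10    aabb.cc00.1234    DYNAMIC     Gi1/0/7
  10    aabb.cc00.5678    DYNAMIC     Gi1/0/7
  20    0050.56aa.0010    DYNAMIC     Gi1/0/12
  20    ddee.ff00.9999    DYNAMIC     Gi1/0/12
 All    0100.0ccc.cccc    STATIC      CPU
"""

# PLACEHOLDER OUI (first 6 hex digits) -> vendor. Constructed values, NOT
# real IEEE assignments; load the IEEE OUI registry for a real audit.
CONSUMER_AP_OUIS = {
    "aabbcc": "ExampleConsumerVendorA",
    "ddeeff": "ExampleConsumerVendorB",
}

# Uplinks and trunks legitimately carry many MACs, so they are excluded.
UPLINK_PORTS = {"Gi1/0/48"}

# One table row: VLAN (or 'All'), dotted-hex MAC, entry type, port name.
ROW_RE = re.compile(
    r"^\s*(\d+|All)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return (vlan, mac_as_12_hex_digits, type, port) for each DYNAMIC row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # banner, header and separator lines
        vlan, mac, typ, port = m.groups()
        if typ.upper() != "DYNAMIC":
            continue  # skip the switch's own static/CPU entries
        rows.append((vlan, mac.replace(".", "").lower(), typ.upper(), port))
    return rows


def oui_vendor(mac_hex12, oui_table=CONSUMER_AP_OUIS):
    """Vendor name for the MAC's OUI prefix, or None if not in the table."""
    return oui_table.get(mac_hex12[:6])


def find_suspect_ports(text, max_macs=1, oui_table=CONSUMER_AP_OUIS,
                       uplinks=UPLINK_PORTS):
    """Map port -> {'macs': [...], 'vendors': [...]} for every non-uplink port
    that learned more than max_macs addresses or any flagged-vendor address."""
    by_port = defaultdict(list)
    for _vlan, mac, _typ, port in parse_mac_table(text):
        if port in uplinks:
            continue
        by_port[port].append(mac)

    suspects = {}
    for port, macs in sorted(by_port.items()):
        vendors = sorted({v for v in (oui_vendor(m, oui_table) for m in macs) if v})
        if len(macs) > max_macs or vendors:
            suspects[port] = {"macs": sorted(macs), "vendors": vendors}
    return suspects


if __name__ == "__main__":
    for port, info in find_suspect_ports(SAMPLE_MAC_TABLE).items():
        print(f"{port}: {len(info['macs'])} MACs learned, "
              f"flagged vendors: {info['vendors'] or 'none'}")
```

In the sample data the script flags Gi1/0/7 (three MACs, one placeholder vendor) and Gi1/0/12 (two MACs, one placeholder vendor), and leaves the single-host ports alone. This is the detection side only; the enforcement side is the port-security configuration from the linked Cisco guide, where `switchport port-security maximum 1` with a violation action of shutdown makes the switch itself err-disable a port as soon as a second address appears. The same "more than one MAC per access port" rule is what the script checks after the fact, which is useful on switches where you cannot enable port security everywhere at once.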