how can i blcok wireless hub connect to our company

hello Expert
in our company, some users bring a wireless hub connect to network, so that they using WIFI on cell phone or iPad etc, i just want to know does it possible block this?
all end user desk port are connecting to several Cisco 2950 switch, and core switch is Cisco 3550, does it possible configure ports on 2950 which could only get computer connected others not?

thank you
Who is Participating?
PaulNSWConnect With a Mentor Commented:
You can also use Cisco's port security settings

Read the article here
helpfinderIT ConsultantCommented:
I recommand you firtsly to issue some internal document, policy that this is forbiden to do and they could be punished for such a behavior by employer

no extrra smart idea from my side, only what I have on my mind is to set your DHCP to give IP to concrete MAC address (so you collect all MAC addresses in your company and match them with particular IP) - this could solve your problem but on other hand I agree this is not a handy solution (especialy in large enviroment)
or you could get a wifi router mac and block it so your DHCP won´t assign IP to it (but if your users are a little bit IT experienced I am sure they wil be able to change routers MAC and they are online back)
If you have a small client base, you can map MAC Addresses to a particular port of the switch, which gives you additional security and solves your problem of some external devices being added to the network.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Neil RussellTechnical Development LeadCommented:
MAC Authentication is of course the best way. You could easily script with powershell, WMI to collect all of the MAC Addresss of your company computers.
The only problem with that (MAC-based ACLs) is, I have never seen a consumer grade router than did not have a MAC Cloning function to make it appear to be the computer that is actually hooked to one of the router's LAN ports, configuring it.

So, a Network Usage Policy with repeated violations subject to disciplinary action, is the best way to go, in my opinion... with occassional sweeps using a laptop running WiFi Inspector or inSSIDer to look for rogue access points just to show them they CAN be detected and found.
beardog1113Author Commented:
yes, port-security helps, i have test it and thats great, but not sure if the hub support MAC clone will what happen, this is not test.

anyway thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.