Solved

how can i blcok wireless hub connect to our company

Posted on 2012-03-23
6
356 Views
Last Modified: 2012-03-23
hello Expert
in our company, some users bring a wireless hub connect to network, so that they using WIFI on cell phone or iPad etc, i just want to know does it possible block this?
all end user desk port are connecting to several Cisco 2950 switch, and core switch is Cisco 3550, does it possible configure ports on 2950 which could only get computer connected others not?

thank you
0
Comment
Question by:beardog1113
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 37756202
I recommand you firtsly to issue some internal document, policy that this is forbiden to do and they could be punished for such a behavior by employer

no extrra smart idea from my side, only what I have on my mind is to set your DHCP to give IP to concrete MAC address (so you collect all MAC addresses in your company and match them with particular IP) - this could solve your problem but on other hand I agree this is not a handy solution (especialy in large enviroment)
or you could get a wifi router mac and block it so your DHCP won´t assign IP to it (but if your users are a little bit IT experienced I am sure they wil be able to change routers MAC and they are online back)
0
 
LVL 7

Accepted Solution

by:
PaulNSW earned 500 total points
ID: 37756219
You can also use Cisco's port security settings

Read the article here
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html
0
 
LVL 5

Expert Comment

by:abhishek1986
ID: 37756225
If you have a small client base, you can map MAC Addresses to a particular port of the switch, which gives you additional security and solves your problem of some external devices being added to the network.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 37

Expert Comment

by:Neil Russell
ID: 37756323
MAC Authentication is of course the best way. You could easily script with powershell, WMI to collect all of the MAC Addresss of your company computers.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37758297
The only problem with that (MAC-based ACLs) is, I have never seen a consumer grade router than did not have a MAC Cloning function to make it appear to be the computer that is actually hooked to one of the router's LAN ports, configuring it.

So, a Network Usage Policy with repeated violations subject to disciplinary action, is the best way to go, in my opinion... with occassional sweeps using a laptop running WiFi Inspector or inSSIDer to look for rogue access points just to show them they CAN be detected and found.
0
 

Author Closing Comment

by:beardog1113
ID: 37759620
yes, port-security helps, i have test it and thats great, but not sure if the hub support MAC clone will what happen, this is not test.

anyway thanks
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question