how can i blcok wireless hub connect to our company

hello Expert
in our company, some users bring a wireless hub connect to network, so that they using WIFI on cell phone or iPad etc, i just want to know does it possible block this?
all end user desk port are connecting to several Cisco 2950 switch, and core switch is Cisco 3550, does it possible configure ports on 2950 which could only get computer connected others not?

thank you
beardog1113Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

helpfinderIT ConsultantCommented:
I recommand you firtsly to issue some internal document, policy that this is forbiden to do and they could be punished for such a behavior by employer

no extrra smart idea from my side, only what I have on my mind is to set your DHCP to give IP to concrete MAC address (so you collect all MAC addresses in your company and match them with particular IP) - this could solve your problem but on other hand I agree this is not a handy solution (especialy in large enviroment)
or you could get a wifi router mac and block it so your DHCP won´t assign IP to it (but if your users are a little bit IT experienced I am sure they wil be able to change routers MAC and they are online back)
0
PaulNSWCommented:
You can also use Cisco's port security settings

Read the article here
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
abhishek1986Commented:
If you have a small client base, you can map MAC Addresses to a particular port of the switch, which gives you additional security and solves your problem of some external devices being added to the network.
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

Neil RussellTechnical Development LeadCommented:
MAC Authentication is of course the best way. You could easily script with powershell, WMI to collect all of the MAC Addresss of your company computers.
0
Darr247Commented:
The only problem with that (MAC-based ACLs) is, I have never seen a consumer grade router than did not have a MAC Cloning function to make it appear to be the computer that is actually hooked to one of the router's LAN ports, configuring it.

So, a Network Usage Policy with repeated violations subject to disciplinary action, is the best way to go, in my opinion... with occassional sweeps using a laptop running WiFi Inspector or inSSIDer to look for rogue access points just to show them they CAN be detected and found.
0
beardog1113Author Commented:
yes, port-security helps, i have test it and thats great, but not sure if the hub support MAC clone will what happen, this is not test.

anyway thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.