asked on

How to block unmanaged switches from network

How to block unmanaged switches from network. I have already apply BBDU Guard on interface but where unmanaged switches attached port will not block. and in show spanning-tree interface detail command no BpDU received. So please help is required for block unmaanged switches fron network. Other than port security please

SOLUTION

Mal Osborne

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

von Axl

Remove them physically by hand.

ASKER CERTIFIED SOLUTION

Don Johnston

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

masnrock

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Andy Bartkiewicz

If you have a domain I would recommend using 802.1x/raduis. When a device attaches to a port it is authenticated against your domain either by user or device credentials ( highly recommend using device credentials). This will lock down your ports, but you don't have to keep track of mac addresses like you do in port security.

masnrock

Andy's suggestion would block unauthorized systems people are trying to connect to the network, but it would not address the switch topic.

Port security isn't about knowing the MACs, but preventing more than one MAC from utilizing a port on the manager switch. With port security on, you automatically prevent this. With it off, you can monitor your managed switcg and deduce where an unmanaged switch might be. The user(s) would then have to deal with the embarrassment of being observed with you confiscating the switch and reporting it.

SOLUTION

Craig Beck

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

masnrock

Answered