security?????


Flyers01

Technical User
May 19, 2008
62
US
I have Cisco 3550 and 3560 switches.

How can I prevent someone connecting a wireless D-Link,
Linksys or any other wireless router?

I have had people do this so they can connect via wireless, and this is causing a huge security risk.
 
You can enable port-security with sticky MAC addresses and restrict each access port to a single MAC address:
Code:
interface FastEthernet0/1
 switchport port-security maximum 1 vlan access
 switchport port-security mac-address sticky
 switchport port-security
 switchport port-security violation restrict
With this configuration, once the switch learns the MAC address of the attached device it stores it in the configuration (you will then see an additional line in the config with the MAC address). If someone disconnects their PC and attaches a WiFi router or AP (or any other device) the switch will deny them access. If someone legitimately moves then you can manually clear the MAC address from the port:
Code:
clear port-security sticky interface fastEthernet 0/1

Personally I don't like using this as I think it's a pain to administer, however a lot of people do use it - if you have a lot of laptops and hot-desking then it is a nightmare.
I have deployed 802.1x in a MS AD environment and in my opinion this is better but requires a fair bit of work to get everything 'provisioned'.

HTH

Andy
 
Yeah, I don't think this will work. I have over 1800 switches to manage, all at different locations.
Nightmare to manage.
 
Yeah, I don't think this will work. I have over 1800 switches to manage, all at different locations.
Nightmare to manage.

If you are looking for an easy technical solution then you aren't going to find one. You could always get it written into the security policy you get users to sign, with violation meaning dismissal?

Andy
 