With this configuration once the switch learns the MAC address of the attached device it stores it in the configuration (you will the see an additional line in the config with the MAC address). If someone disconnects their PC and attaches a WiFi router or AP (or any other device) the switch will deny then access. If some one legitimately moves then you can manually clear the MAC address from the port:
Personally I don't like using this as I think it's a pain to administer, however a lot of people do use it - if you have a lot of laptops and hot-desking then it is a nightmare.
I have deployed 802.1x in a MS AD environment and in my opinion this is better but requires a fair bit of work to get everything 'provisioned'.
If you are looking for an easy technical solution then you aren't going to find one. You could always get it written into the security policy you get users to sign with violation dismisal?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.