Application or Software to detect or Block unmanaged switches
Alan Buxey
alan.buxey at gmail.com
Fri Jun 8 19:12:12 UTC 2018
as already said - this can be covered with adequate processes and management (even so far as, not doing your job right? time for HR...). however, there are many ways to ensure that random ports aren't doing anything other than what they should be doing - most of these are L2 security features - port-security, BPDUGUARD, default vlan pruning, along with other protections such as DHCP snooping etc.

however, if it's the network team doing this - then they could just turn those things off anyway - so you need to also ensure all managed switch configs have their configs audited and checked - grabbed by SNMP and checked/audited against known template etc etc.

if a switch cannot be audited then disconnect its uplink..... but then your end users/customers no longer have connections - which is why it's really down to management processes. WHY are they doing this? there could be other reasons why due process isn't being followed other than eg incompetence, malice, laziness etc
alan
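
An added example, not part of the original message: one way to audit a retrieved switch config against a known template, flagging access ports that lack port-security or BPDU guard and a missing global DHCP snooping line. The Cisco IOS-style syntax, the template contents and the sample config are assumptions constructed for illustration; retrieving the config from the switch is left out.

```python
import re

# Constructed sample of an IOS-style running config (not from the original post).
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/48
 switchport mode trunk
"""

# Assumed template: lines every access port and the global config must carry.
REQUIRED_ON_ACCESS = ("switchport port-security", "spanning-tree bpduguard enable")
REQUIRED_GLOBAL = ("ip dhcp snooping",)


def parse_interfaces(config):
    """Return ({interface name: [stanza lines]}, [global lines])."""
    interfaces, global_lines, current = {}, [], None
    for line in map(str.rstrip, config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the open stanza
        else:
            current = None  # "!" or a global command closes the stanza
            if line and line != "!":
                global_lines.append(line)
    return interfaces, global_lines


def audit(config):
    """Return sorted (scope, missing line) findings against the template."""
    interfaces, global_lines = parse_interfaces(config)
    findings = [("global", r) for r in REQUIRED_GLOBAL if r not in global_lines]
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks/uplinks are outside this access-port template
        findings += [(name, r) for r in REQUIRED_ON_ACCESS if r not in lines]
    return sorted(findings)
```

Ports with no explicit `switchport mode access` line are skipped by this template, so a stricter audit would report those as a separate finding.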
More information about the NANOG mailing list