My customer has several Cisco SDWAN (Viptela) sites that consist of a single vEdge/cEdge router and a single layer 2 switch. A single service side vEdge/cEdge port is connected to the switch and is in VPN1. These sites are in locations that are shared with other "sister" organizations. This has occasionally caused problems where one of the personnel from a "sister" organization unplugs the switch from the vEdge/cEdge and plugs in their own device. It's not done maliciously but as you can expect it causes problems.
What is the recommended way for a vEdge or cEdge service-side port to be protected from this, such that it is disabled or, at a minimum, does not allow the foreign device to actually use the port?
Thanks for any guidance.
The closest I can get to a solution for this is port-security. But it will not prevent anyone from taking the switch, of course. For that, you can use a locker, for example. With port-security you could stick the router MAC address on the switch uplink, and only that router would be permitted to connect on the switch uplink.
If you can lock the switch config, then no one would be able to use another port to create uplinks. The switch must have a user and password that only you have control of.
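As an added example (not part of the reply above and not Cisco's own documentation), here is what that port-security suggestion looks like on a Catalyst switch running IOS. The interface names, VLAN numbers, username and password placeholders are assumptions for illustration; replace them with your own.

```ios
! Added example: port-security on the switch uplink toward the vEdge/cEdge.
! Interface names, VLANs and credentials are placeholders, not from the original post.
!
! 1. Pin the router's MAC address to the uplink port.
interface GigabitEthernet1/0/1
 description Uplink to vEdge/cEdge VPN1 service-side port
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 ! "sticky" learns the first MAC seen on the port (the router) and writes it
 ! into the running-config; save with "write memory" so it survives a reload.
 switchport port-security mac-address sticky
 ! Any other MAC on this port (a foreign laptop) err-disables the port.
 switchport port-security violation shutdown
!
! Optional: recover the port automatically after 5 minutes instead of
! requiring a manual "shutdown" / "no shutdown".
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! 2. Keep unused ports from becoming new uplinks.
interface range GigabitEthernet1/0/20 - 24
 description Unused - administratively down
 switchport mode access
 switchport access vlan 999
 shutdown
!
! 3. Lock down management so only you can change the config.
enable secret <your-enable-secret>
username netadmin privilege 15 secret <your-password>
line vty 0 15
 login local
 transport input ssh
line console 0
 login local
!
! Verification after applying:
!   show port-security interface GigabitEthernet1/0/1
!   show port-security address
!   show interfaces status err-disabled
```

Two caveats. Sticky learning trusts whatever MAC appears first, so apply it while the router is the only device on the port, or, if you already know the router's MAC, use a static entry (`switchport port-security mac-address <router-mac>`) instead of `sticky`. And this only protects the switch side: if someone unplugs the cable from the switch and plugs their device straight into the router, the router port sees a new MAC and the switch never gets a say, which is the gap the original poster raises in the next reply.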
I don't think either of these responses would work for our problem. We need to lock down the port on the vEdge/cEdge router, not the port on the switch. Also, it looks like SDWAN port security is not supported in the vEdge routers or the ISR1100 cEdge routers.
Please correct me if I'm wrong.