04-03-2016 05:55 AM - edited 03-08-2019 05:11 AM
I have a network at work made of Cisco switches and routers. The problem is that employees connect the Fritz box to get wireless access to the network, which results in a lot of issues in the network. Is there a way to block this device from establishing a connection on the switch?
04-03-2016 09:39 AM
Hi -
To make a reasonable attempt at stopping this, you must have a policy and management buy-in to enforce it. Without that your problem is going to go on forever.
On the technical side, these devices are likely using NAT, so I doubt that switchport security would help you. Here are some ideas ranked on enforcement strength...
Policy-based enforcement will be your cheapest option; it just needs some management backbone.
Good Luck!
PSC
04-03-2016 11:10 AM
Thank you Paul, I am not very clear on this: "you must have a policy and management buy-in to enforce it". How do you do this?
04-03-2016 11:54 AM
I'm talking about company policies and procedures. This is non-technical. You basically need a policy that says, "employees may not place unauthorized systems on the company network". This would include statements such as, "failure to follow procedure may result in disciplinary action up to and including termination". The key is that you need management that will execute the disciplinary portion of the policy if it is violated. Without a policy you have no way to reasonably try to secure your network.
Even if you implement some technical solution to stop these devices, what do you tell someone who calls the help desk and asks for one to be placed for him? If you have no policy, then you can't reasonably refuse.
PSC