How to block Fritz!Box from connecting to a cisco switch

04-03-2016 05:55 AM - edited 03-08-2019 05:11 AM
I have a network at work made of Cisco switches and routers. The problem is that employees connect the Fritz!Box to get wireless access to the network, which results in a lot of issues in the network. Is there a way to block this device from establishing a connection on the switch?
Labels: Other Switching
04-03-2016 09:39 AM
Hi -
To make a reasonable attempt at stopping this, you must have a policy and management buy-in to enforce it. Without that your problem is going to go on forever.
On the technical side, these devices are likely using NAT, so I doubt that switchport security would help you. Here are some ideas ranked on enforcement strength...
- Implement 802.1x port authentication (aka EAPoL).
- Rogue AP Detection (if using Cisco Wireless): Implement Isolation mode. (Requires understanding of FCC rules on interference and legal ramifications)
- Install MAC access lists which would block the default hardware addresses of the devices (Try this lookup).
Policy based enforcement will be your cheapest option, it just needs some management backbone.
Good Luck!
PSC
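As an added illustration of the MAC-address idea above (not code from the original post), this script parses Cisco-style `show mac address-table` output and flags access ports whose learned addresses either start with a watchlisted OUI or number more than one per port. The sample table and the OUI watchlist are constructed placeholders; real vendor prefixes have to be taken from the IEEE OUI registry.

```python
import re
from collections import defaultdict

# Constructed sample of "show mac address-table" output (not a real capture).
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    aabb.cc01.0001    DYNAMIC     Gi1/0/1
  10    aabb.cc01.0002    DYNAMIC     Gi1/0/1
  10    aabb.cc01.0003    DYNAMIC     Gi1/0/1
  10    0011.2233.4455    DYNAMIC     Gi1/0/2
  10    1234.5678.9abc    DYNAMIC     Gi1/0/3
  10    0001.0203.0405    STATIC      CPU
"""

# Placeholder OUI watchlist (hypothetical value); fill from the IEEE registry.
WATCHLIST_OUIS = {"12:34:56"}

# One table row: VLAN, dotted-quad Cisco MAC, type, port.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def normalize_mac(cisco_mac):
    """Turn 'aabb.cc01.0001' into 'aa:bb:cc:01:00:01'."""
    hexdigits = cisco_mac.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples for every data row in the output."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, typ, port = m.groups()
            entries.append((int(vlan), normalize_mac(mac), typ.upper(), port))
    return entries

def find_suspect_ports(entries, max_macs_per_access_port=1, watchlist=WATCHLIST_OUIS):
    """Map port -> list of reasons it looks like it carries an unauthorized device."""
    macs_by_port = defaultdict(set)
    findings = {}
    for _vlan, mac, typ, port in entries:
        if typ != "DYNAMIC":          # ignore static/CPU entries
            continue
        macs_by_port[port].add(mac)
        if mac[:8] in watchlist:
            findings.setdefault(port, []).append(f"watchlisted OUI {mac[:8]} ({mac})")
    for port, macs in macs_by_port.items():
        if len(macs) > max_macs_per_access_port:
            findings.setdefault(port, []).append(f"{len(macs)} MACs learned on one access port")
    return findings
```

The multiple-MAC check only catches devices that bridge their clients onto the wired side; a NAT router presents a single MAC, which is why the answer above ranks 802.1x higher than MAC filtering.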
04-03-2016 11:10 AM
Thank you Paul, I am not very clear on this: "you must have a policy and management buy-in to enforce it". How do you do this?
04-03-2016 11:54 AM
I'm talking about company policies and procedures. This is non-technical. You basically need a policy that says, "employees may not place unauthorized systems on the company network". This would include statements such as, "failure to follow procedure may result in disciplinary action up to and including termination". The key is that you need management that will execute the disciplinary portion of the policy if it is violated. Without a policy you have no way to reasonably try to secure your network.
Even if you implement some technical solution to stop these devices, what do you tell someone who calls the help desk and asks for one to be placed for him? If you have no policy, then you can't reasonably refuse.
PSC
