kufatson
Beginner

How to turn a Cisco 2960S into "unmanaged switch"

Hi,

The company I am working for has outsourced the network maintenance to a telecom company. We are not supposed to plug switches not owned by the telecom company into the network. On one occasion we plugged a Cisco switch into the network and it was detected (and of course, we were "warned" not to do so). On another occasion, we plugged 3Com and Linksys unmanaged switches into the network. They were not detected.

We have several Cisco 2960S switches on hand and would like to turn them into "unmanaged" switches.  May I ask what configurations will be required?  I can think of the below:

- Disable CDP

- Disable Spanning-tree

- Disable VTP (or config it into transparent mode?)

- Do not assign IP address to interface Vlan1 (or simply shut it down)

Another question: suppose the "unmanaged" 2960 switch is connected to port 1 (in VLAN 20) of an uplink switch. If I do not specify the VLAN number for the ports on the 2960 switch, will those ports belong to VLAN 20?

Thanks a lot.

Dennis

Accepted Solutions
Joseph W. Doherty
Hall of Fame Expert

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Likely when you connected the managed Cisco switch, something like CDP gave you away, but you're correct, Cisco managed switches often "do more" on the port than just receive/send data frames as a dumb unmanaged switch would.

I believe you're on the right track, in your approach in attempting to conceal that there's an attached managed switch on an edge port, but unless the device is also doing NAT, multiple MACs on an edge port will also reveal there's some hub or switch attached to the port. I.e. the occasion where you attached a 3Com or Linksys went undetected, might only mean your telecom company was a bit slow; don't count on them not noticing the additional MACs.

Even if you do have a device doing NAT, its MAC might reveal what it is. Toughest to detect there's more than one edge device on the edge port might be using a PC for the NAT device.

My recommendation would be to comply with your contract with your telecom vendor.  If your management has authorized such non-compliance (they have, right?), they will also be the ones to deal with any breach of contract legalities.  (If your management has not authorized non-compliance, you, I believe, expose yourself for termination for cause.)

Another question: suppose the "unmanaged" 2960 switch is connected to port 1 (in VLAN 20) of an uplink switch. If I do not specify the VLAN number for the ports on the 2960 switch, will those ports belong to VLAN 20?

Sort of.  For whatever access port VLAN is being used on your switch, your VLAN will be an extension of the VLAN on the uplink switch.  (If you don't define an access port VLAN, it should default to VLAN 1.)
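
Added example, not part of the original post: the answer's point that multiple MACs on an edge port reveal an attached hub or switch, written as the check a network operator could run over `show mac address-table` output from the upstream switch. The sample output, port names, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of IOS `show mac address-table` output from the upstream
# switch. MAC addresses are locally administered placeholders.
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  20    0200.5e00.0001    DYNAMIC     Gi1/0/1
  20    0200.5e00.0002    DYNAMIC     Gi1/0/1
  20    0200.5e00.0003    DYNAMIC     Gi1/0/1
  20    0200.5e00.0010    DYNAMIC     Gi1/0/2
  20    0200.5e00.0020    DYNAMIC     Gi1/0/3
  40    0200.5e00.0021    DYNAMIC     Gi1/0/3
  20    0200.5e00.0100    DYNAMIC     Gi1/0/24
  20    0200.5e00.0101    DYNAMIC     Gi1/0/24
"""

# Only dynamically learned entries on a numeric VLAN count as attached hosts.
ROW = re.compile(
    r"^\s*\d+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(output):
    """Map each port to the set of MACs dynamically learned on it."""
    ports = defaultdict(set)
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            mac, port = match.groups()
            ports[port].add(mac.lower())
    return ports

def suspect_edge_ports(output, uplinks=(), allowed=None, default_limit=1):
    """Return edge ports that learned more MACs than expected.
    uplinks: ports that legitimately carry many MACs (inter-switch links).
    allowed: per-port limits, e.g. 2 for a desk with an IP phone plus a PC."""
    allowed = allowed or {}
    findings = {}
    for port, macs in macs_per_port(output).items():
        if port in uplinks:
            continue  # many MACs are normal on an uplink
        if len(macs) > allowed.get(port, default_limit):
            findings[port] = sorted(macs)
    return findings

print(suspect_edge_ports(SAMPLE, uplinks={"Gi1/0/24"}, allowed={"Gi1/0/3": 2}))
```

With the uplink excluded and the phone-plus-PC port given a limit of 2, only Gi1/0/1 is reported, which is the port where a downstream switch or hub would show up.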
