Beginner

Preventing users connecting hub, switches routers, access points

Hi all, I’ve recently started managing a network in a building that provides serviced offices, and our tenants pay for each port they use. However, our tenants often plug their own switches into our network to gain access to more ports, and connect APs so they do not have to pay to use our WiFi (which causes channel interference).

 

I have considered port security (allow a maximum of 2 MAC addresses per port - 1 for VoIP) and subnetting to reduce the amount of usable IP addresses. But this isn’t foolproof; for example, if a tenant installs a router using NAT, then unless I statically assign MAC addresses or use sticky MAC (which isn’t practical) they’ll get around the system.

 

Does anyone have any suggestions? I was looking at 802.1x but I think this will annoy tenants as they’ll need to authenticate every time they access the network. But my understanding of 802.1x is limited.

 

 

4 REPLIES
Beginner

Re: Preventing users connecting hub, switches routers, access points

BPDU guard is your friend here for switches and hubs. When assigned to ports, it prevents any rogue hubs or switches by disabling the port when they are plugged into your switch. But for the WAPs and routers you're right to use port security.

VIP Expert

Re: Preventing users connecting hub, switches routers, access points

A hub is a layer-1 device, so it does not participate in STP, nor does it send BPDUs.

HTH

Beginner

Re: Preventing users connecting hub, switches routers, access points

Ah yes, you are correct. My bad, that would also need port security.

VIP Advisor

Re: Preventing users connecting hub, switches routers, access points

Hello

Along with the other suggestions, you may look into DHCP snooping with IP Source Guard (IPSG) and Dynamic ARP Inspection (DAI).



kind regards
Paul

Please don't forget to rate any posts that have been helpful.
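
The controls suggested in this thread, combined on one tenant access port, as an added example that is not part of any post above. It assumes a Cisco Catalyst switch running IOS; the interface names and VLAN IDs (10 for data, 20 for voice) are placeholders.

```cisco
! --- Global: DHCP snooping builds the IP/MAC/port binding table
!     that IP Source Guard and Dynamic ARP Inspection rely on.
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10,20
!
! Optional: bring err-disabled ports back automatically after 5 minutes.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! --- Uplink toward the legitimate DHCP server (placeholder interface).
!     Only trusted ports may carry DHCP server replies and unchecked ARP.
interface GigabitEthernet1/0/48
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Tenant-facing port (placeholder interface).
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 !
 ! Port security: at most 2 MACs (PC + VoIP phone, as in the question).
 ! Catches hubs and unmanaged switches by MAC count.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 !
 ! BPDU guard: err-disables the port if a device that speaks STP is attached.
 ! A hub sends no BPDUs, so it is caught by port security instead.
 spanning-tree portfast
 spanning-tree bpduguard enable
 !
 ! A tenant device handing out leases is dropped here because the port is
 ! untrusted; the rate limit also bounds DHCP request floods.
 ip dhcp snooping limit rate 15
 !
 ! IP Source Guard: only source IPs leased through this port are forwarded.
 ! Hosts with static IPs need a manual binding or they will be blocked.
 ip verify source
!
! Limitation raised in the question: a NAT router presents a single MAC and a
! single leased IP, so none of the controls above distinguish it from a PC.
```

On the switch, `show port-security interface`, `show ip dhcp snooping binding` and `show ip verify source` display the resulting state for a port.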