Tek-Tips is the largest IT community on the Internet today!


Rogue PC and Laptops

Status
Not open for further replies.

coladmin

Instructor
Feb 5, 2003
309
US
I am looking for a way to prevent rogue PCs and laptops from being plugged into the network. I had thought of using DHCP and creating a reservation for all of the PCs and laptops that we had, but this would not stop someone from inputting the address manually. I had also thought about using the port security feature on Cisco 2950 switches, but it seems cumbersome to manage. I am wondering what other solutions are out there. I am running a Windows 2000 Active Directory and Cisco 2950 switches. Thanks

Colamdin
 
Your best bet is to run arpwatch, a *nix utility that monitors arp broadcasts and keeps a log of which MAC addresses are already on your network. It will send you an email when it discovers a new MAC address (NIC) on your network. After a couple of days, you should be down to the legitimate addresses, so any email is either a new machine that you have added or a rogue PC.

You can block the new MAC addresses in your switches using the command below:
Code:
mac-address-table static mac_address vlan vlan_ID drop 
You may want to read through this article on VoIP that explains some of the uses of arpwatch.


You'll need to run this continuously, so you'll have to dedicate a PC to the task, but an old 386 is more than enough horsepower. If you are unfamiliar with Linux, then you will need to make sure that you can easily load that version of Linux on your PC. If you don't want to install Linux, you can take a system that is bootable from CD and has a FAT disk and use KNOPPIX. No installation necessary.


pansophic
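
The workflow in the reply above (arpwatch reports a MAC, you check it against what you own, then block it on the switch), as an added example that is not part of either post. It assumes arpwatch's syslog messages have the shape "new station <ip> <mac>"; the log lines, inventory, VLAN 10 and all function names are constructed for illustration.

```python
import re

# Assumed arpwatch syslog shape: "<event> <ip> <mac> ..." after the program tag.
EVENT = re.compile(
    r"arpwatch(?:\[\d+\])?: (new station|changed ethernet address|flip flop) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) ((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})"
)

def normalize(mac):
    """arpwatch drops leading zeros (0:c:29:...); pad each octet to two digits."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(p.zfill(2) for p in parts)

def cisco_format(mac):
    """aa:bb:cc:dd:ee:ff -> aabb.ccdd.eeff, the dotted form IOS expects."""
    h = normalize(mac).replace(":", "")
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

def unknown_stations(log_lines, inventory):
    """Return {mac: ip} for arpwatch events whose MAC is not in the inventory."""
    known = {normalize(m) for m in inventory}
    found = {}
    for line in log_lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an arpwatch station event
        mac = normalize(m.group(3))
        if mac not in known:
            found.setdefault(mac, m.group(2))  # keep the first IP seen
    return found

def drop_commands(stations, vlan_id):
    """Build one block command per unknown MAC, for review before applying."""
    return [f"mac-address-table static {cisco_format(mac)} vlan {vlan_id} drop"
            for mac in sorted(stations)]

# Constructed sample data: log lines, inventory and VLAN 10 are made up.
SAMPLE_LOG = [
    "Mar  3 09:14:02 monitor arpwatch: new station 192.168.1.20 0:c:29:3a:b:7f eth0",
    "Mar  3 09:15:40 monitor arpwatch: new station 192.168.1.77 0:50:56:c0:0:8 eth0",
    "Mar  3 09:16:11 monitor arpwatch: flip flop 192.168.1.77 0:50:56:c0:0:8 (0:c:29:3a:b:7f) eth0",
    "Mar  3 09:17:00 monitor sshd[411]: unrelated line",
]
INVENTORY = ["00:0C:29:3A:0B:7F"]

if __name__ == "__main__":
    print("\n".join(drop_commands(unknown_stations(SAMPLE_LOG, INVENTORY), 10)))
```

The inventory comparison is done on zero-padded addresses, since a MAC that arpwatch logs as `0:c:29:3a:b:7f` would otherwise never match an asset list entry written `00:0C:29:3A:0B:7F`.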
 