router lockup 1


wannabie2 (Technical User), Sep 19, 2007
I have a serious problem. I am running a Cisco router in my infrastructure and all has been fine so far. One day a technician came in with a Linksys router set to the same default IP address as my router and attached it to a port on my network switch.
After that everything went haywire. No one could connect to my router; instead they attached to the Linksys router, and the workstations were disconnected from the server.

After I disconnected the Linksys router everything went back to normal. Is there a way to prevent this from happening again?
 
Give the Linksys a different IP address.

Iolair MacWalter
Network Engineer
 
Not actually a solution. Is there a way to stop this? Let's say someone wants to screw around with the IT guy and plugs a router in, or someone wants to cause trouble with a network. I don't want them to walk in, plug in an unregistered and unauthorized router and walk out. That is close to sabotage. I want to stop it now before someone else does it.
 
Well, if you were using DHCP, then you would use the DHCP excluded-address command and reserve your main router's address. If you're not using DHCP, then you could change your main router's address, but then, what's to prevent the next guy from figuring that out and doing the same, right?

If someone knows your router's address and manually types it in, I'd say you do have a serious problem, and if you have policy in place, you can pursue legal/police action.

One possible solution would be to lock down the switch using port security. That way, you could shut down interfaces you're not using, and also assign specific MAC addresses to the ports you are using. But then again, a seriously determined hacker knows how to manipulate MAC addresses.

Iolair MacWalter
Network Engineer
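The two measures in the reply above, written out as Cisco IOS configuration. This is an added example, not configuration posted in the thread: the addressing (192.168.1.0/24, gateway 192.168.1.1), VLAN numbers and interface names are assumed; substitute your own. The first half goes on the router that runs the DHCP server, the second on the access switch.

```cisco
! --- On the Cisco router that runs the DHCP server ---
! Keep the gateway and the rest of the infrastructure range out of the
! lease pool so the server never hands those addresses to a client.
! Note this only affects what the DHCP server leases; it does not stop
! a device that is statically configured with the gateway address.
ip dhcp excluded-address 192.168.1.1 192.168.1.31
!
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
 lease 1
!
! --- On the access switch ---
! Bring err-disabled ports back after 5 minutes instead of requiring a
! manual "shutdown / no shutdown" after every violation.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Unused ports: administratively down AND parked in a VLAN that goes
! nowhere, so a patched-in device still gets nothing if the port is
! ever re-enabled without thinking.
vlan 999
 name PARKING
!
interface range GigabitEthernet1/0/13 - 24
 description UNUSED - parked
 switchport mode access
 switchport access vlan 999
 shutdown
!
! In-use ports: exactly one MAC per port. "sticky" learns the first MAC
! seen and writes it into the running config, so the addresses don't
! have to be typed in by hand. A second MAC on the port (e.g. a Linksys
! plugged in where a PC used to be) err-disables the port and logs the
! offending MAC.
interface range GigabitEthernet1/0/1 - 12
 description USER - port-security
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! The uplink to the router carries many MACs and is left without
! port-security.
interface GigabitEthernet1/0/48
 description UPLINK to Cisco router 192.168.1.1
 switchport mode access
 switchport access vlan 10
```

Save with `copy running-config startup-config` after the sticky addresses have been learned, otherwise they are lost on reload. `show port-security interface GigabitEthernet1/0/1` shows the learned MAC and the violation count, and `show ip dhcp conflict` on the router lists addresses the DHCP server saw in use by someone it did not lease them to. As the reply notes, a determined attacker can set a device's MAC to match the one stickied on the port, so this raises the bar rather than closing the hole.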
 
iolair is correct. Shutting down unused ports and assigning MAC addresses is the way to go. If a hacker is in your building and physically attaching devices to your network, you have bigger problems than IP conflicts. It gets even more interesting if you're using DHCP and that rogue router has a DHCP server (and many do) and it starts handing out IP addresses to everyone asking for one on your network.
 
Enable MAC address security. You can add all your authorised devices' MAC addresses into AD and then configure your switchports for RADIUS port authentication so that devices authenticate before being allowed on the network.

Otherwise - what are the odds of somebody's router having the same address range as yours? What IP range do you use? If it's the same IP range that is in use as the default on routers sold wherever you are (e.g., where I live, they all have 192.168.0.x) then that's really crap - change your addressing scheme to a 10.x.x.x address range.

Some switches also allow various security configurations, e.g., BPDU guard; Nortel switches can actually deny DHCP too, from memory.
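The three switch-side controls raised in the last few replies (MAC-based RADIUS port authentication, blocking DHCP server traffic from user ports, BPDU guard) as one Cisco IOS access-switch configuration. This is an added example, not configuration from the thread; the RADIUS server address and key, VLAN numbers and interface names are assumed, and the `authentication ...` / `mab` syntax needs IOS 12.2(50)SE or later.

```cisco
! --- Access switch ---
!
! RADIUS server (Windows NPS/IAS, FreeRADIUS, ...) holding the authorised
! MAC addresses. Address and shared key are assumed.
! "aaa new-model" also changes console/VTY login, so keep a local
! fallback (a local username must exist before you save this).
aaa new-model
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 key S3cret-Example
dot1x system-auth-control
!
! DHCP snooping: DHCP OFFER/ACK/NAK are accepted only on trusted ports.
! A Linksys (or any other rogue DHCP server) answering requests on an
! access port is dropped; clients can still send DISCOVER/REQUEST.
! Option 82 insertion is turned off because an ordinary router or
! server drops relayed packets carrying it unless told otherwise.
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
!
! BPDU guard on every portfast (edge) port: a switch or router that
! speaks spanning tree on a user port err-disables the port.
spanning-tree portfast bpduguard default
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
interface range GigabitEthernet1/0/1 - 12
 description USER - MAB, DHCP snooping, BPDU guard
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 ip dhcp snooping limit rate 10
 ! Port stays closed until RADIUS accepts the device. MAB is tried
 ! first so printers and other non-802.1X devices work; an 802.1X
 ! supplicant, if present, takes priority over the MAC lookup.
 authentication port-control auto
 authentication order mab dot1x
 authentication priority dot1x mab
 mab
 dot1x pae authenticator
!
interface GigabitEthernet1/0/48
 description UPLINK to Cisco router / DHCP server
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
```

For MAB the RADIUS server needs one account per device whose username and password are both the MAC address in the format the switch sends (by default 12 lowercase hex digits with no separators, e.g. `001a2b3c4d5e`). `show authentication sessions` lists what is currently authorised on each port, and `show ip dhcp snooping binding` shows which lease went to which port. Two caveats: MAB, like port security, trusts a spoofable MAC, and DHCP snooping stops a rogue DHCP server but not a device statically configured with the gateway's address; that case still comes down to port authentication and the physical controls mentioned earlier in the thread.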
 
Thanks guys. I will be using iolair's suggestion. I will add the address to the exclusion list and will be using MAC addresses to lock down our network. Just one thing: if I use DHCP to add my router address to the exclusion list, doesn't that mean that I would be disabling my own router, or is it that I will be disabling any other router with the same address as my host router?

Just wanted to know.
 
Adding an address, or a range of addresses, to the exclusion list just removes the address from the pool of addresses that can be leased out to machines that request them from the DHCP server. It does not exclude the address from your network.
 
Just excluding the address from the list will not prevent anyone from manually configuring a device with the same address and attaching it. If you have a small network MAC security will work; if it's bigger it really becomes unmanageable.
 