as much of a rulemeister as I am, I still have to look at this from the user standpoint. Why are users throwing their own hubs onto the network? Is there a business case to be made? Is facilities too slow getting requested cable pulls done?
what is the concern with a user plugging a hub in at the desk and then connected a couple of extra PC's? if the problem is one of dual homing by accident or otherwise, I can see the issue with spanning tree recalculations. But in a single home situation, what do you see as the issues? when you say that "politically, it's a mess" what does that mean? high powered sales people throwing their weight around? management does not respect your input or concerns? something bad is happening, and it's rolling downhill? I'm not questioning the wisdom or the necessity for doing what others have suggested. I'm just wondering why it is necessary for the network manager / network staff to unilaterally cut off user access. ""John Zaggat"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Thanks guys that's pretty good information, but do you think in your opinion > is that good approach to deal with this problem. Do you see any caveats and > are there any other ways this can be dealt with. > ""Kevin Wigle"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > take a look into Port Security. > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration > > _guide_chapter09186a008007f2dd.html > > > > In the event of a security violation, you can configure the port to go > into > > shutdown mode or restrictive mode. The shutdown mode option allows you to > > specify whether the port is permanently disabled or disabled for only a > > specified time. The default is for the port to shut down permanently. The > > restrictive mode allows you to configure the port to remain enabled during > a > > security violation and drop only packets that are coming in from insecure > > hosts. > > > > Kevin Wigle > > > > > > ----- Original Message ----- > > From: "John Zaggat" > > To: > > Sent: Saturday, October 05, 2002 5:01 PM > > Subject: How to restrict hubs in a LAN [7:54937] > > > > > > > I am just trying to think of how to restrict Hubs from being used in the > > > LAN. Politically it's a mess and despite a lot of discussions certain > > people > > > are able to add hubs at will where ever they want. So I was trying to > > think > > > of a way to stop that within the switch. Now normally these ports that > the > > > hubs are connected to show several mac addresses when I do "show cam" > > which > > > gives me an idea is there any way to restrict host ports to only accept > > one > > > mac-address. I don't want to hardcode the mac-address because that would > > be > > > too much a administrative burden. But if I could restrict the port to > > accept > > > just one mac-address then that will make these hubs useless. Well > anyways > > > let me know if I am way off here but are there any other tricks in use > by > > > any of you guys. I'll appreciate any pointers. > > > JZ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54950&t=54937 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]