See inline.. Chuck's Long Road wrote: > > as much of a rulemeister as I am, I still have to look at this > from the user > standpoint. Why are users throwing their own hubs onto the > network? Is there > a business case to be made? Is facilities too slow getting > requested cable > pulls done? > > what is the concern with a user plugging a hub in at the desk > and then > connected a couple of extra PC's? if the problem is one of dual > homing by > accident or otherwise, I can see the issue with spanning tree > recalculations. But in a single home situation, what do you > see as the > issues? >
I see one issue: collisions, if you have a switched network you don't want to deal with collisions that hubs normally produce. I have to recognize, though, that hubs sometimes are very convenient and I'm the first on using them. > when you say that "politically, it's a mess" what does that > mean? high > powered sales people throwing their weight around? management > does not > respect your input or concerns? something bad is happening, and > it's rolling > downhill? > In some environments it's politically unacceptable, I know some hospitals in which you have to fill in a lot papers before being allowed to use a PC, so in that environments this could perfectly be part of the policy. > I'm not questioning the wisdom or the necessity for doing what > others have > suggested. I'm just wondering why it is necessary for the > network manager / > network staff to unilaterally cut off user access. > > > > > ""John Zaggat"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Thanks guys that's pretty good information, but do you think > in your > opinion > > is that good approach to deal with this problem. Do you see > any caveats > and > > are there any other ways this can be dealt with. > > ""Kevin Wigle"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > take a look into Port Security. > > > > > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration > > > _guide_chapter09186a008007f2dd.html > > > > > > In the event of a security violation, you can configure the > port to go > > into > > > shutdown mode or restrictive mode. The shutdown mode option > allows you > to > > > specify whether the port is permanently disabled or > disabled for only a > > > specified time. The default is for the port to shut down > permanently. > The > > > restrictive mode allows you to configure the port to remain > enabled > during > > a > > > security violation and drop only packets that are coming in > from > insecure > > > hosts. > > > > > > Kevin Wigle > > > > > > > > > ----- Original Message ----- > > > From: "John Zaggat" > > > To: > > > Sent: Saturday, October 05, 2002 5:01 PM > > > Subject: How to restrict hubs in a LAN [7:54937] > > > > > > > > > > I am just trying to think of how to restrict Hubs from > being used in > the > > > > LAN. Politically it's a mess and despite a lot of > discussions certain > > > people > > > > are able to add hubs at will where ever they want. So I > was trying to > > > think > > > > of a way to stop that within the switch. Now normally > these ports that > > the > > > > hubs are connected to show several mac addresses when I > do "show cam" > > > which > > > > gives me an idea is there any way to restrict host ports > to only > accept > > > one > > > > mac-address. I don't want to hardcode the mac-address > because that > would > > > be > > > > too much a administrative burden. But if I could restrict > the port to > > > accept > > > > just one mac-address then that will make these hubs > useless. Well > > anyways > > > > let me know if I am way off here but are there any other > tricks in > use > > by > > > > any of you guys. I'll appreciate any pointers. > > > > JZ > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54954&t=54937 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
