I guess you can do that and more with a Linux-based switch like Cumulus and Pica8.
They allow you to do all sorts of things like that because they are open.

On Thursday, June 7, 2018, <ke...@contoocook.net> wrote:

> In my previous life, we used a NAC appliance from Bradford Networks
> whereby the MAC address of every device needed to be registered or the
> switch port it was plugged into would be disabled.
> This kept spurious devices from appearing on the network and worked quite
> well.
> Cheers, Keith
>
> Sent from my Android device.
>
> -----Original Message-----
> From: Jason Hellenthal <jhellent...@dataix.net>
> To: segs <michaelolusegunru...@gmail.com>
> Cc: nanog@nanog.org
> Sent: Thu, 07 Jun 2018 7:54
> Subject: Re: Application or Software to detect or Block unmanaged switches
>
> As someone already stated the obvious answers, the slightly more difficult
> route to be getting a count of allowed devices and MAC addresses, then
> moving forward with something like Ansible to poll the count of MACs on
> any given port ... of number higher than what’s allowed, suspend the port
> and send a notification to the appropriate parties.
>
> All in all though sounds like a really brash thing to do to your network
> team and will generally know and have a very good reason for doing so...
> but not all situations are created equally so good luck.
>
> --
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> On Jun 7, 2018, at 03:57, segs <michaelolusegunru...@gmail.com> wrote:
> >
> > Hello All,
> >
> > Please I have a very interesting scenario that I am on the lookout for a
> > solution for, We have instances where the network team of my company bypass
> > controls and processes when adding new switches to the network.
> >
> > The right parameters that are required to be configured on the switches
> > in order for the NAC solution deployed to have full visibility into
> > endpoints that connect to such switches are not usually configured.
> >
> > This poses a problem for the security team as they don't have visibility
> > into such devices that connect to such switches on the NAC solution, the
> > network guys usually connect the new switches to the trunk port and they
> > have access to all VLANs.
> >
> > Is there a solution that can detect new or unmanaged switches on the
> > network, and block such devices or if there is a solution that blocks users
> > that connect to unmanaged switches on the network even if those users have
> > domain PCs.
> >
> > Anticipating your speedy response.
> >
> > Thank You!
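
The per-port MAC count check suggested in Jason Hellenthal's quoted reply, as an added example that is not part of the original thread: it parses a MAC address table and reports access ports that have learned more distinct MACs than allowed, which is the usual sign of an unmanaged switch behind the port. The table text is constructed in the style of Cisco IOS `show mac address-table` output; the default limit of 2, the port names and the exempt uplink list are assumptions, and the suspend and notify steps are left to whatever tooling collects the table.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Cisco IOS "show mac address-table" output.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  20    0011.2233.4403    DYNAMIC     Gi1/0/2
  10    0011.2233.4404    DYNAMIC     Gi1/0/3
  10    0011.2233.4405    DYNAMIC     Gi1/0/3
  10    0011.2233.4406    DYNAMIC     Gi1/0/3
  20    0011.2233.4407    DYNAMIC     Gi1/0/3
  10    0011.2233.4408    DYNAMIC     Gi1/0/24
  20    0011.2233.4409    DYNAMIC     Gi1/0/24
  30    0011.2233.440a    DYNAMIC     Gi1/0/24
 All    0100.0ccc.cccc    STATIC      CPU
"""

# vlan id, dotted-hex MAC, entry type, port; header and "All"/CPU rows do not match.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def macs_per_port(table_text):
    """Map each port to the set of distinct dynamically learned MACs."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return ports

def find_violations(table_text, default_limit=2, limits=None, exempt=()):
    """Return {port: sorted MACs} for ports above their allowed MAC count.
    limits holds per-port overrides; exempt lists known uplinks/trunks (assumed inventory)."""
    limits = limits or {}
    violations = {}
    for port, macs in macs_per_port(table_text).items():
        if port in exempt:
            continue
        if len(macs) > limits.get(port, default_limit):
            violations[port] = sorted(macs)
    return violations

if __name__ == "__main__":
    for port, macs in sorted(find_violations(SAMPLE_TABLE, exempt={"Gi1/0/24"}).items()):
        print(f"{port}: {len(macs)} MACs, candidate for suspend + notify: {', '.join(macs)}")
```

Leaving the uplink out of `exempt` flags it as well, so the exempt list has to come from the same inventory that defines which trunks are sanctioned.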