Using port security tends to open a can of worms with faculty and TAs
who use hubs in overcrowded offices. Also, it does not defend against
rogue APs or other devices doing NAT, as only a single MAC is seen on
the switch.

  Mike

***************************************************************
Michael Dickson                         Phone: 413-545-9639
Network Analyst                         Fax:   413-545-3203
University of Massachusetts     Email: [EMAIL PROTECTED]
Network Systems and Services
***************************************************************

Yantis, Jonathan Lindsey wrote:
One way we have found to mitigate rogue APs (and this only works on
newer networks) is through port security.  If you are running Cisco 2950s
or newer on your wired LAN, you can use this method to restrict each
port on your LAN to a single device, and this in turn knocks off any
associated clients to an AP since the AP itself takes up one MAC
address.

We use the following port level commands:

 switchport mode access
 switchport port-security
 ! default maximum is 1 secure MAC address per port
 switchport port-security aging time 1
 ! restrict: drop frames from extra MACs and count the violation (port stays up)
 switchport port-security violation restrict


This lets users disconnect their desktops and plug in a laptop if they want, but it still restricts the port to one MAC address per 1 min interval.


I know this isn't exactly what you were looking for, but it is one more way we have found to make things easier. It also knocks off consumer hubs and switches too. Other than that, we do like you: MiniStumbler on an iPAQ or NetStumbler on Windows (or Kismet on Linux).


-- Jonathan Yantis - [EMAIL PROTECTED] - (843-953-7770)
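The port-security approach above works because an AP with several associated clients shows up as several source MACs on one switch port, while the reply at the top of this thread notes that a NAT-ing AP shows only one, and the original question below says the wireless-side MAC cannot simply be looked up on the wired side. The following script is an added example written for this thread, not code from any of the posters or from Cisco: it parses a constructed (not captured) sample of Cisco IOS "show mac address-table" output, flags ports carrying more than one dynamic MAC (the hubs and non-NAT APs that port security would restrict), and then applies a heuristic for the NAT case, looking for a wired MAC numerically adjacent to the wireless BSSID, since many consumer APs number their wired and wireless interfaces consecutively. The BSSID and every MAC in the sample are made up; the heuristic is an assumption about vendor numbering, not a guarantee.

```python
"""Locate candidate rogue-AP ports from a switch MAC address table.

Added example for this thread; not code from any poster. The sample
table below is constructed to look like Cisco IOS
"show mac address-table" output and is not from a real switch.
"""
import re
from collections import defaultdict

# Constructed sample: Fa0/2 and Fa0/3 carry several MACs (hub or AP
# without NAT); Fa0/4 carries one MAC, as a NAT-ing AP would.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Fa0/1
  10    00aa.bbcc.0001    DYNAMIC     Fa0/2
  10    00aa.bbcc.0002    DYNAMIC     Fa0/2
  10    00aa.bbcc.0003    DYNAMIC     Fa0/2
  10    0010.abcd.1111    DYNAMIC     Fa0/3
  10    0010.abcd.2222    DYNAMIC     Fa0/3
  10    00c0.4e12.3456    DYNAMIC     Fa0/4
 All    0100.0ccc.cccc    STATIC      CPU
"""

# One table row: vlan, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {port: set of MACs} for DYNAMIC entries; static/CPU rows are skipped."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, separators, blank lines
        _vlan, mac, entry_type, port = m.groups()
        if entry_type.upper() != "DYNAMIC":
            continue
        ports[port].add(mac.lower())
    return dict(ports)


def multi_mac_ports(ports, limit=1):
    """Ports with more MACs than port-security's default maximum of 1.

    This is what "switchport port-security" would restrict. It does NOT
    catch a NAT-ing AP, which presents a single MAC to the switch.
    """
    return {p: sorted(macs) for p, macs in ports.items() if len(macs) > limit}


def mac_to_int(mac):
    """Accept aabb.ccdd.eeff, aa:bb:cc:dd:ee:ff or aa-bb-... forms."""
    return int(re.sub(r"[.:-]", "", mac), 16)


def near_mac_candidates(ports, bssid, window=1):
    """Ports carrying a MAC within `window` of the wireless BSSID.

    Heuristic (assumption): many consumer APs assign consecutive addresses
    to their wired and wireless interfaces, so the wired MAC of a NAT-ing
    AP is often adjacent to the BSSID seen by a stumbler. Not universal;
    treat hits as leads to verify physically, not as proof.
    """
    target = mac_to_int(bssid)
    hits = {}
    for port, macs in ports.items():
        close = [m for m in macs if abs(mac_to_int(m) - target) <= window]
        if close:
            hits[port] = sorted(close)
    return hits


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_MAC_TABLE)
    print("ports with >1 MAC (hub / non-NAT AP):", multi_mac_ports(table))
    # Constructed BSSID observed on the wireless side by a stumbler.
    print("ports near BSSID 00c0.4e12.3457:",
          near_mac_candidates(table, "00c0.4e12.3457"))
```

In practice the table text would come from a scripted "show mac address-table" on each access switch; the multi-MAC list is the same population port security would hit, and the adjacency list is the lead for the NAT case that port security and a plain ARP lookup both miss.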

-----Original Message-----
From: 802.11 wireless issues listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Donald Gallerie
Sent: Friday, February 04, 2005 2:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Wireless Identification Tools

In an effort to better identify rogue access points, can any of you
recommend tools that would make the physical and network pinpointing of
WAPs a bit easier?  We have identified a number of rogues but cannot
ascertain exactly where they are.  We have tried getting the MAC address
from the wireless side and doing an ARP lookup, but oftentimes they are
running NAT and the MAC on the wired side is different.

We would like to sweep the campus and get as much information as we can
in a single pass (automatic documentation features would also be
useful).  I had thought about using a directional antenna and NetStumbler
but thought others may have found other, more user-friendly tools.

Any recommendations?

Don Gallerie
Assistance Director
Telecommunications
The University at Albany

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.

