
We have a medium sized network and from time to time something bad happens. Once it was a router configured to assign IPs via DHCP that did not match our network mask, thus making all clients unable to access the internet through our router, and another time it was some network attached device that occupied the IP of our router (somebody had set a fixed IP address on it, creating a collision).

In both cases I could see which MAC address was causing the problem, but then I had the problem of trying to track the device down by going to each switch and unplugging one line after the other to find out if the problem persists.

Is there a simple way to avoid these problems, by overriding the DHCP assignment or isolating the rogue device?

  • Were these routers supposed to be connected to the network? Commented Feb 13, 2012 at 16:17
  • These routers were not supposed to be connected to the network. They were used by our users to provide Wireless access in their rooms. While this is permitted, we do not encourage it, and as mentioned causes trouble for the entire network if configured the wrong way.
    – cdecker
    Commented Feb 13, 2012 at 16:22
  • Wow, you let them set up their own wireless routers? That's a huge security hole in your network. I sincerely hope your company doesn't deal with anyone's private information.
    – BBlake
    Commented Feb 13, 2012 at 16:43
  • Well it's more of a student dorm, and the students are located in a DMZ, separate from any sensitive information. Problem is that a single misconfigured device can take down the entire student network, and I have to scramble.
    – cdecker
    Commented Feb 13, 2012 at 16:52

2 Answers


If the MACs belong to devices that aren't supposed to be on the network anyways, you should be able to block their MACs entirely on the network. Provide switch hardware brands and models and we should be able to look up the specifics on how this would be done.

Also, most managed switches and routers should be able to indicate which port a specific MAC is connected to.

  • We currently do not use managed switches, but after the last incident we are looking into replacing our current switches with managed ones. Thanks for the hint.
    – cdecker
    Commented Feb 13, 2012 at 16:54

What do you use for switching? You should be able to see what port a particular MAC is associated with in any managed switch. Also, to prevent this sort of thing, you can look into port security. This is a Cisco provided feature set that allows you to lock down ports and cause a shutdown on violation.
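Both failure modes from the question, a rogue DHCP server and a second device claiming the gateway IP, can be spotted from a packet capture before anyone starts unplugging switch ports, and the output is exactly the MAC address the answers say to look up in the switch's MAC table. The following Python is an added example, not code from any of the posters: it parses DHCPOFFER options and flags offers from an unlisted server identifier or with the wrong subnet mask, and lists the MACs answering ARP for the gateway IP; the trusted server, the expected mask and the sample frames are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # follows the fixed 236-byte BOOTP header
def parse_dhcp(payload: bytes) -> dict:
    """Return {option code: raw value} for a raw DHCP payload (BOOTP header + options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad: single byte, no length field
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit_offers(frames, trusted_servers, expected_mask):
    """Flag each DHCPOFFER from an untrusted server identifier (option 54) or with an unexpected subnet mask (option 1)."""
    findings = []
    for src_mac, payload in frames:  # frames: (source MAC, DHCP payload) pairs
        opts = parse_dhcp(payload)
        if opts.get(53) != b"\x02":  # option 53 message type: 2 = DHCPOFFER
            continue
        server = str(IPv4Address(opts[54])) if 54 in opts else None
        mask = str(IPv4Address(opts[1])) if 1 in opts else None
        reasons = ([f"untrusted server id {server}"] if server not in trusted_servers else []) \
            + ([f"wrong subnet mask {mask}"] if mask != expected_mask else [])
        if reasons:
            findings.append((src_mac, reasons))  # src_mac is the address to hunt for on the switches
    return findings

def gateway_claimants(arp_replies, gateway_ip):
    """arp_replies: (sender MAC, sender IP) pairs; more than one MAC for the gateway IP is a collision."""
    return {mac for mac, ip in arp_replies if ip == gateway_ip}

def build_offer(server_ip, mask, yiaddr):
    """Construct a minimal DHCPOFFER payload as test input (not a complete DHCP implementation)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, b"",  # struct pads b"" with NULs
                      IPv4Address(yiaddr).packed, b"", b"", bytes.fromhex("aabbccddeeff"), b"", b"")
    opts = b"\x35\x01\x02\x36\x04" + IPv4Address(server_ip).packed + b"\x01\x04" + IPv4Address(mask).packed + b"\xff"
    return hdr + MAGIC_COOKIE + opts

# Constructed sample traffic: the site's DHCP server on 10.0.0.1/16 plus a user's home router answering as
# well, and ARP replies in which a second MAC claims the gateway address.
TRUSTED = {"10.0.0.1"}
SAMPLE_OFFERS = [("00:11:22:33:44:55", build_offer("10.0.0.1", "255.255.0.0", "10.0.3.20")),
                 ("de:ad:be:ef:00:01", build_offer("192.168.1.1", "255.255.255.0", "192.168.1.100"))]
SAMPLE_ARP = [("00:11:22:33:44:55", "10.0.0.1"), ("de:ad:be:ef:00:02", "10.0.0.1"), ("aa:bb:cc:00:00:01", "10.0.3.20")]
```

Feed it frames from a capture filtered on UDP port 68 and ARP; `audit_offers(SAMPLE_OFFERS, TRUSTED, "255.255.0.0")` names the home router's MAC, and `gateway_claimants(SAMPLE_ARP, "10.0.0.1")` returns both MACs fighting over the gateway address.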
