Campus Switching and Routing

WB
New Contributor

How to avoid end-user connect their wireless router?

I just replaced our network gear with Aruba 2930f. I had gone through all basic security such as DHCP snooping, DHCP trusted port and BPDU. One thing I don't know is whether I am able to shut down the sw port if someone uses wireless routers or rogue routers to connect to our network. For now, when I plugged the WAN port of my wireless router into the 2930f switch port, the wireless router did not create any network problem. But when I connected my laptop to the wireless router and got an IP from the router, I'm still able to ping or route to corporate subnets. Is there any way to avoid that? I can create an access list, but I want to see if there is any Aruba CLI command that would solve this problem.

 

Thanks guys

Contributor I

Re: How to avoid end-user connect their wireless router?

You may need a network access controller.

Occasional Contributor II

Re: How to avoid end-user connect their wireless router?

Without proper port authentication (802.1X) and/or profiling you will not solve the problem. Using ClearPass for network access control and policy enforcement can help you.

 

The router you placed in the network will get an IP address and probably NAT the traffic of the client connected to your wireless router.

 

Another method to detect NAT devices on the network: http://www.sflow.org/detectNAT/. The downside is that you need to have an sFlow collector for detecting. Also, you want to automate disabling ports when a rogue NAT device has been detected. Implementing network access control is probably an easier and more reliable direction.
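
Added example, not part of the original posts and not code from the linked sFlow page: a sketch of the collector-side check mentioned in the reply above, assuming a TTL-decrement heuristic (a host sitting behind a routing/NAT device reaches the access port with a TTL slightly below the usual initial values 64, 128 or 255). The record layout, port names and addresses are constructed sample data.

```python
from collections import defaultdict

# Common initial TTL values used by mainstream operating systems (assumption).
INITIAL_TTLS = (64, 128, 255)

# Constructed sample records: (switch_port, source_ip, observed_ip_ttl),
# as a flow collector might export them from ingress samples on access ports.
SAMPLES = [
    ("1/1", "10.10.20.31", 128),
    ("1/1", "10.10.20.31", 128),
    ("1/2", "10.10.20.44", 64),
    ("1/7", "10.10.20.57", 127),   # Windows-style client one hop behind
    ("1/7", "10.10.20.57", 63),    # Linux/phone-style client, same source IP
    ("1/7", "10.10.20.57", 127),
    ("1/9", "10.10.20.60", 64),
    ("1/9", "10.10.20.60", 61),    # single stray sample, below threshold
]

def hops_behind(ttl):
    """Distance from the nearest initial TTL at or above the observed one."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    return None  # above 255 cannot occur in a valid IPv4 header

def suspect_ports(samples, min_samples=2, max_hops=4):
    """Return {port: {src_ip: sorted distinct TTLs}} for ports showing routed hosts.

    On a directly attached access port every packet should still carry an
    initial TTL. A small non-zero hop count, seen repeatedly, suggests a
    router or NAT device is plugged into that port.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for port, src, ttl in samples:
        hops = hops_behind(ttl)
        if hops is not None and 0 < hops <= max_hops:
            hits[port][src].append(ttl)
    report = {}
    for port, by_src in hits.items():
        flagged = {s: sorted(set(t)) for s, t in by_src.items()
                   if len(t) >= min_samples}
        if flagged:
            report[port] = flagged
    return report

if __name__ == "__main__":
    for port, hosts in suspect_ports(SAMPLES).items():
        print(port, hosts)
```

The heuristic misses a router that rewrites TTL, so it complements port authentication rather than replacing it; treat a hit as a reason to inspect the port before disabling it.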
