Inter switch security

mark206000

Hi !

I have lets say 2 switches, one in the switchroom and another at an office at the far side of the building connected via fibre.

They are another IT department and are limited to 5 connections to our systems, I can control this fine by stickying the macs with port security.

The physical switch however is accessible to the users and I'm concerned that they could just unplug the fibre and stick it into another switch of their own, so bypassing the port security and adding what they like on.

Is there a way to stop them doing this ? So only the switch we've installed in the office can be used ?

I thought about adding the port security to the central switch instead and allowing them 5 macs on the single uplink port to the office switch. But if a violation occurs it'll take out all 5 in one go, i'd rather avoid this.

They're HP switches btw, so no restrict option.

degsie

Put the switch inside a physical lockable cabinet?

moc moc a moc

^^ This would be the simplest solution.

Another option would be to implement 802.1x. Also, I don't know about HP, but on Ciscos you can configure port security to drop frames from unknown MACs rather than shutting down the port ('protect' mode).

mark206000

Hi, thanks for replies.

It's being mounted in their own cabinet. It would all kick off I we mounted our own and took away the key !

No protect mode on these, ignore and log or shutdown and log only. We have to use HP due to contracts.

Stuff em, if they muck about they can say bye to all 5 then !