Pat,

The "8th layer" policy idea is good. I would take that one step further, after checking with your legal department to make sure they don't have a problem with it and that it's airtight:

In addition to the "disciplinary action up to and including termination" clause, incorporate in company policy a clause something like this:

"Any personal computer or networking equipment that is plugged into company infrastructure without explicit approval is forfeit and becomes the property of the company."

This is particularly effective if your policies include a statement that those who agree to it also agree to any future revisions of said policy.

As for a technical way to stop it ... shut down all unused switchports, or assign them to a VLAN that goes nowhere. You'd still need to check for rogue equipment -- someone could set up their machine with two NICs, hang an AP off one of them, and make it work with address translation.

Thanks,
Shawn

Patrick Donlon wrote:
>
> Thanks Chris, I was thinking more about securing the switch ports by
> authenticating MACs (probably a bit OTT) or using SNMP to check for new
> devices, any other ideas? I've already set up a wireless LAN here with WEP
> with authentication on an ACS server, which is a waste of time when you have
> people setting up their own kit,
>
> Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47391&t=47287
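
An added example, not part of the original message: one way to audit a switch for the "shut down unused ports or park them in a dead-end VLAN" advice in the reply above, by parsing `show interfaces status` output. The sample output is constructed, and the parking VLAN id 999 and both function names are assumptions.

```python
PARKING_VLAN = "999"  # assumption: the site's unrouted "goes nowhere" VLAN

# Constructed `show interfaces status` output (not taken from the thread).
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   uplink core        connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/2                      notconnect   1          auto   auto   10/100/1000BaseTX
Gi1/0/3   spare              disabled     1          auto   auto   10/100/1000BaseTX
Gi1/0/4                      notconnect   999        auto   auto   10/100/1000BaseTX
Gi1/0/5   desk 4-12          connected    20         a-full a-100  10/100/1000BaseTX
Gi1/0/6   old printer        notconnect   20         auto   auto   10/100/1000BaseTX
"""


def parse_status(text):
    """Slice each row at the header's column offsets, so empty or
    multi-word port names do not shift the Status and Vlan fields."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0]
    name_off, status_off = header.index("Name"), header.index("Status")
    ports = []
    for line in lines[1:]:
        fields = line[status_off:].split()
        if len(fields) < 2:
            continue  # wrapped or truncated row: skip rather than guess
        ports.append({
            "port": line[:name_off].strip(),
            "name": line[name_off:status_off].strip(),
            "status": fields[0],
            "vlan": fields[1],
        })
    return ports


def audit_unused(ports, parking_vlan=PARKING_VLAN):
    """Return (port, finding) for ports with no link that are neither
    administratively shut down nor assigned to the parking VLAN."""
    findings = []
    for p in ports:
        if p["status"] == "notconnect" and p["vlan"] != parking_vlan:
            findings.append(
                (p["port"], f"no link but live in VLAN {p['vlan']}"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_unused(parse_status(SAMPLE)):
        print(f"{port}: {finding}")
```

A port in `notconnect` may only have its device powered off, so findings are candidates to confirm before shutting the port down.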

