Well, when I wrote the orginal post I knew I will have these questions. Basically the first layer of support or help desk if you will have more PCs then the drops in their cubes. This is an old building not meant for an IS staff so there is some frustration on their part. I am not going to question if there is a legit need for folks to have 5 PCs when there is infact a seperate staging area to set up and test pcs for users. Any ways they know enough to be dangerous and there is no standard on hubs and I have seen where folks have created loops. Now with Windows XP I have seen some configs where 2 nics have been bridged via software I am not sure with what intent. Although it's been made clear many times not to use hubs but this is never enforced and I did not want to spend my time daily trying to hunt down the lawless. So that's when I thought if I could config the switch this will discourage the hub usage or bridging within pcs. I hope that answers most of the questions here. ""David j"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > See inline.. > Chuck's Long Road wrote: > > > > as much of a rulemeister as I am, I still have to look at this > > from the user > > standpoint. Why are users throwing their own hubs onto the > > network? Is there > > a business case to be made? Is facilities too slow getting > > requested cable > > pulls done? > > > > what is the concern with a user plugging a hub in at the desk > > and then > > connected a couple of extra PC's? if the problem is one of dual > > homing by > > accident or otherwise, I can see the issue with spanning tree > > recalculations. But in a single home situation, what do you > > see as the > > issues? > > > > I see one issue: collisions, if you have a switched network you don't want > to deal with collisions that hubs normally produce. I have to recognize, > though, that hubs sometimes are very convenient and I'm the first on using > them. > > > when you say that "politically, it's a mess" what does that > > mean? high > > powered sales people throwing their weight around? management > > does not > > respect your input or concerns? something bad is happening, and > > it's rolling > > downhill? > > > In some environments it's politically unacceptable, I know some hospitals in > which you have to fill in a lot papers before being allowed to use a PC, so > in that environments this could perfectly be part of the policy. > > > I'm not questioning the wisdom or the necessity for doing what > > others have > > suggested. I'm just wondering why it is necessary for the > > network manager / > > network staff to unilaterally cut off user access. > > > > > > > > > > ""John Zaggat"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Thanks guys that's pretty good information, but do you think > > in your > > opinion > > > is that good approach to deal with this problem. Do you see > > any caveats > > and > > > are there any other ways this can be dealt with. > > > ""Kevin Wigle"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > take a look into Port Security. > > > > > > > > > > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration > > > > _guide_chapter09186a008007f2dd.html > > > > > > > > In the event of a security violation, you can configure the > > port to go > > > into > > > > shutdown mode or restrictive mode. The shutdown mode option > > allows you > > to > > > > specify whether the port is permanently disabled or > > disabled for only a > > > > specified time. The default is for the port to shut down > > permanently. > > The > > > > restrictive mode allows you to configure the port to remain > > enabled > > during > > > a > > > > security violation and drop only packets that are coming in > > from > > insecure > > > > hosts. > > > > > > > > Kevin Wigle > > > > > > > > > > > > ----- Original Message ----- > > > > From: "John Zaggat" > > > > To: > > > > Sent: Saturday, October 05, 2002 5:01 PM > > > > Subject: How to restrict hubs in a LAN [7:54937] > > > > > > > > > > > > > I am just trying to think of how to restrict Hubs from > > being used in > > the > > > > > LAN. Politically it's a mess and despite a lot of > > discussions certain > > > > people > > > > > are able to add hubs at will where ever they want. So I > > was trying to > > > > think > > > > > of a way to stop that within the switch. Now normally > > these ports that > > > the > > > > > hubs are connected to show several mac addresses when I > > do "show cam" > > > > which > > > > > gives me an idea is there any way to restrict host ports > > to only > > accept > > > > one > > > > > mac-address. I don't want to hardcode the mac-address > > because that > > would > > > > be > > > > > too much a administrative burden. But if I could restrict > > the port to > > > > accept > > > > > just one mac-address then that will make these hubs > > useless. Well > > > anyways > > > > > let me know if I am way off here but are there any other > > tricks in > > use > > > by > > > > > any of you guys. I'll appreciate any pointers. > > > > > JZ
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54956&t=54937 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
