If you have Cisco gear, you might try enabling POT SECURITY to limit the number of MAC addresses seen on each port. We set our general ports to a max of 2 MAC addresses which allows for easy change to a new desktop machine but typically hurts wireless users (unless it is only their wireless AP & their PC). Ports with known wireless APs are set higher (number depending on location & typical use).
-jcw > To: [EMAIL PROTECTED] > From: Sean Che <[EMAIL PROTECTED]> > Date: Tue, 17 Feb 2004 14:23:06 -0500 > Subject: [WIRELESS-LAN] locate the rogue AP from wired side > Reply-To: "802.11 wireless issues listserv" <[EMAIL PROTECTED]> > > Our campus, as all other universities in US, has lots of rogue APs. > People spent less than 100 dollars each bought them from Bestbuy or > circuitcity and plug them into the campus wired network. A large portion > of the Rogue AP population even don't have WEP on. Everybody agrees > that it could cause security problems. But some people don't care. We > have repeatedly told them not to do so and they still keep doing so. If > we are going to shut them off , how do we physically locate them? > With netstumbler or similar tools, it is not difficult to find them, > wirelessly. The BSSIDs or MAC addresses of the radio card are easy to > get. But is it possible to find those APs from wired side? or more > specifially, locate the port to which this rogue AP connect, provided > it is hooked into campus network? > What we have: access to the MAC cache of all campus switches, the > BSSID/MAC address of the radio card. > Anybody has been facing the same problem/needs? Any efficient > tools/software available? > > Thanks a lot! > > -- > > ------------------------------------- > Sean Che > Network Engineer > Network Services > Wayne State University > Voice: (313)577-1922 > Pager: (313)990-5403 > Email: [EMAIL PROTECTED] > ------------------------------------- > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list > can be found at http://www.educause.edu/cg/. > ---------------------------------------------------------------- John Watters UA: Office of Information Technology 205-348-3992 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
