Duplicate printer IP address

**BillyCarpenter** · 11-30-2022

There's another way to do this and it's probably the best method, IMHO. You can bind a mac address, or two, to a specific port on the switch. If someone comes along and plugs in a laptop or other device, the port immediately shuts down and the IT dept is notified via email.

You can also do some other cool stuff but we'll save that for another day.

**techsxge** · 11-30-2022

Originally Posted by BillyCarpenter

There's another way to do this and it's probably the best method, IMHO. You can bind a mac address, or two, to a specific port on the switch. If someone comes along and plugs in a laptop or other device, the port immediately shuts down and the IT dept is notified via email.

You can also do some other cool stuff but we'll save that for another day.

Isnt an IT Email and shutting off the port kinda an overkill? Just denying any traffic would be more than enough

**BillyCarpenter** · 11-30-2022

Originally Posted by techsxge

For personal Devices, there will always be a guest network for as long as i am around. There, they can fight over any ip address they want with themselves but i dont care if they say "ip x is blocked". No personal device has anything to do in a companies network. NEVER. Had seen way too many companies been hacked because a Employees private Notebook got hacked and they shared files from that notebook with colleagues. That is kind of like putting the banks safe key next to the door.
If they need a static IP in that Guest Network for their device for whatever reason no problem, i'll add that.

What are you talking about? A wireless guest network?

I thought we were talking about plugging a device (laptop or otherwise) into an ethernet port?

**BillyCarpenter** · 11-30-2022

Originally Posted by techsxge

Isnt an IT Email and shutting off the port kinda an overkill? Just denying any traffic would be more than enough

Well, lets think about it. If a company has highly classified information stored on their server, wouldn't you want to be notified the second an unauthorized device was plugged in and that port be shut down immediately? That's why switches have this feature.

**BillyCarpenter** · 11-30-2022

techxsge asked a good question: Why would you want to shut down a port...isn't that overkill? Good question.

I remember when I was going thru CCNA course on Port Security, they brought up an interesting scenario. Some may find this interesting. Forget about an employee bringing in a laptop. Let's focus on a hacker trying to steal sensitive information. What if the hacker is using an Attack Tool that is flooding the switch with Mac Addresses? Remember that a switch has a Mac Address Table that is stored in memory. The attack tool can flood the switch with 1000's of mac addresses in a short amount of time. This will cause flood the memory and the switch will forget all of the good mac addresses and bring down the entire system. Moreover, the hacker can now intercept all known good mac addresses and use a mac spoofing tool. It's bad news.

From my understanding, Port Security is used in all major organizations.

**BillyCarpenter** · 11-30-2022

One last thing. We can tell a switch to only learn 1 mac address for a port or several macs. If an unauthorized device is plugged in, we can use 3 different violation modes:

1. Shut down - the port is shutdown and an admin must turn back on.

2. Protect - This simply mean that the switch will not put anymore mac addresses in its CAM table and no packets will be forwarded except on authorized devices. Protect mode doesn't generate an alert message or email.

3. Restrict - Lets only authorized mac addresses communicate on the network and generates alert messages and logs. (it keeps a daily log of port activity. )

**slimslob** · 11-30-2022

Originally Posted by BillyCarpenter

There's another way to do this and it's probably the best method, IMHO. You can bind a mac address, or two, to a specific port on the switch. If someone comes along and plugs in a laptop or other device, the port immediately shuts down and the IT dept is notified via email.

You can also do some other cool stuff but we'll save that for another day.

And if the main company network also includes WiFi, you can also block devices by their mac, or to be more precise, you can only allow specific devices, even on home WiFi networks. Of course there are a lot of so called IT people out there who do not know or do not care. We have all encountered them. Think they are better than a lowly copier man until one of us determines the cause of a network problem in less than 5 minutes that they have been working on for hours.

**BillyCarpenter** · 11-30-2022

Originally Posted by slimslob

And if the main company network also includes WiFi, you can also block devices by their mac, or to be more precise, you can only allow specific devices, even on home WiFi networks. Of course there are a lot of so called IT people out there who do not know or do not care. We have all encountered them. Think they are better than a lowly copier man until one of us determines the cause of a network problem in less than 5 minutes that they have been working on for hours.

True. You probably remember me talking about this on the board. I set up several lightweight access points and a WLAN (Wireless LAN Controller) on a Radius Server. It's basically Active Directory for Wireless. You sign in to the wireless network with the same credentials and only have access to the information that was granted to you. The Lightweight Access Points don't do any of the heavy lifting. It's all done on the WLAN controller and you can control everything from there.

**blackcat4866** · 11-30-2022

Originally Posted by BillyCarpenter

One last thing. We can tell a switch to only learn 1 mac address for a port or several macs. If an unauthorized device is plugged in, we can use 3 different violation modes:

1. Shut down - the port is shutdown and an admin must turn back on.

2. Protect - This simply mean that the switch will not put anymore mac addresses in its CAM table and no packets will be forwarded except on authorized devices. Protect mode doesn't generate an alert message or email.

3. Restrict - Lets only authorized mac addresses communicate on the network and generates alert messages and logs. (it keeps a daily log of port activity. )

Maybe I don't understand all the variables, but "Restrict" seems like the best option to me. It allows authorized activity, it blocks unauthorized activity, and it records data on a log. I think that covers all the bases. =^..^=

**BillyCarpenter** · 11-30-2022

Originally Posted by blackcat4866

Maybe I don't understand all the variables, but "Restrict" seems like the best option to me. It allows authorized activity, it blocks unauthorized activity, and it records data on a log. I think that covers all the bases. =^..^=

That's the one that I like the best.