Tracking non-Meraki switches on a network
Anyone have any good ideas for finding and tracking non-Meraki switches that someone (i.e., someone not on the network team) might plug into a network that is supposed to be full-stack Meraki?
You know, those times when a third-party vendor (like a security or AV installer) or a user in an office might plug in a cheapo switch to add more ports to a spot in the office, but not tell anyone in IT?
Just looking for ideas that others might have come up with, or if there is some Meraki feature I haven't thought of yet....
The “prevent” option would be to implement 802.1X in single host mode. It would not act on an unmanaged switch alone, but on the second device on it.
Another, easier step would be to enable BPDU guard on all user-facing ports. Again, not for the cheap unmanaged switches.
A “detection” method would be to look for ports with more than one MAC address. I didn’t look but would assume that this should also be possible with the API.
If you look at the client list and sort by port number then where you have a switch you will see multiple entries. I use that method sometimes and have found a fair few switches we forgot about...
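The multiple-MACs-per-port check suggested in the two replies above, as an added example that is not part of the original thread. The records are constructed, and the field names (`mac`, `recentDeviceSerial`, `switchport`) are assumed to match what a Dashboard API client listing returns; the list of expected multi-MAC ports is a hypothetical inventory you would maintain yourself.

```python
from collections import defaultdict

# Constructed sample client records (serials and MACs are placeholders).
CLIENTS = [
    {"mac": "00:11:22:aa:00:01", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "3"},
    {"mac": "00:11:22:aa:00:02", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "7"},
    {"mac": "00:11:22:AA:00:03", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "7"},
    {"mac": "00:11:22:aa:00:03", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": 7},
    {"mac": "00:11:22:aa:00:04", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "7"},
    {"mac": "00:11:22:aa:00:05", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "24"},
    {"mac": "00:11:22:aa:00:06", "recentDeviceSerial": "Q2XX-AAAA-0001", "switchport": "24"},
    {"mac": "00:11:22:aa:00:07", "recentDeviceSerial": "Q2XX-BBBB-0002", "switchport": None},
]

# Ports where several MACs are normal (uplinks, access point ports).
# Hypothetical inventory: (switch serial, port).
EXPECTED_MULTI_MAC = {("Q2XX-AAAA-0001", "24")}


def find_multi_mac_ports(clients, expected=frozenset(), threshold=2):
    """Return {(serial, port): sorted MACs} for ports with >= threshold MACs."""
    seen = defaultdict(set)
    for client in clients:
        serial = client.get("recentDeviceSerial")
        port = client.get("switchport")
        mac = client.get("mac")
        if not (serial and port and mac):
            continue  # wireless client or incomplete record: no switch port
        # Normalise port type and MAC case so duplicates collapse.
        seen[(serial, str(port))].add(mac.lower())
    return {
        key: sorted(macs)
        for key, macs in sorted(seen.items())
        if len(macs) >= threshold and key not in expected
    }


if __name__ == "__main__":
    for (serial, port), macs in find_multi_mac_ports(CLIENTS, EXPECTED_MULTI_MAC).items():
        print(f"{serial} port {port}: {len(macs)} MACs -> {', '.join(macs)}")
```

A PC daisy-chained through an IP phone also shows two MACs on one port, so either list those ports as expected or raise `threshold` to 3.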
You can set a MAC allowed list. I believe if you leave it blank that will prevent anything from being "authorized" on that port until you specify the MAC address.
If the other switch supports either CDP or LLDP then it will show up as a diamond icon in the topology of the network.
