Meraki

NJNetworkGuy100 · ‎Feb 1 2023

Anyone have any good ideas for finding and tracking non-Meraki switches that someone (i.e., someone not on the network team) might plug into a network that is supposed to be full stack Meraki?

You know, those times when a third party vendor (like a security or AV installer) or a user in an office might plug in a cheapo switch to add more ports to a spot in the office, but not tell anyone in IT?

Just looking for ideas that others might have come up with, or if there is some Meraki feature I haven't thought of yet....

KarstenI · ‎Feb 1 2023

The “prevent” option would be to implement 802.1X in single host mode. It would not act on an unmanaged switch alone, but on the second device on it.

Another and more easy step would be to enable BPDU guard on all user facing ports. Again, not for the cheap unmanaged switches.

A “detection” method would be to look for ports with more than one MAC address. I didn’t look but would assume that this should also be possible with the API.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

cmr · ‎Feb 1 2023

If you look at the client list and sort by port number then where you have a switch you will see multiple entries. I use that method sometimes and have found a fair few switches we forgot about...

If my answer solves your problem please click Accept as Solution so others can benefit from it.

NFL0NR · ‎Feb 2 2023

You can set mac allowed list. I believe if you leave it blank that will prevent anything from being "authorized" on that port until you specify the mac address

cmr · ‎Feb 6 2023

If the other switch supports either CDP or LLDP then it will show up as a diamond icon in the topology of the network.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

Tracking non-Meraki switches on a network

Tracking non-Meraki switches on a network