Tracking non-Meraki switches on a network

NJNetworkGuy100
Getting noticed

Anyone have any good ideas for finding and tracking non-Meraki switches that someone (i.e., someone not on the network team) might plug into a network that is supposed to be full stack Meraki?

You know, those times when a third party vendor (like a security or AV installer) or a user in an office might plug in a cheapo switch to add more ports to a spot in the office, but not tell anyone in IT?

Just looking for ideas that others might have come up with, or if there is some Meraki feature I haven't thought of yet....

KarstenI
Kind of a big deal

The “prevent” option would be to implement 802.1X in single host mode. It would not act on an unmanaged switch alone, but on the second device on it.

Another, easier step would be to enable BPDU guard on all user-facing ports. Again, not for the cheap unmanaged switches.

A “detection” method would be to look for ports with more than one MAC address. I didn’t look but would assume that this should also be possible with the API.

cmr
Kind of a big deal

If you look at the client list and sort by port number then where you have a switch you will see multiple entries.  I use that method sometimes and have found a fair few switches we forgot about...
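
An added example (not part of either reply, and not Meraki's own code) of the detection idea in the two replies above: count distinct wired client MACs per switch port and flag ports that show more than one. The record field names are assumed to match the Dashboard API's network-clients response; the serials, MACs and uplink list are constructed.

```python
from collections import defaultdict

SWITCH = "QXXX-XXXX-0001"  # constructed placeholder serial

def make_client(mac, port, conn="Wired", serial=SWITCH):
    # Field names are assumed to match the Dashboard API network-clients response.
    return {"mac": mac, "switchport": port,
            "recentDeviceSerial": serial, "recentDeviceConnection": conn}

# Constructed sample data, not taken from a real network.
SAMPLE_CLIENTS = [
    make_client("02:00:00:00:03:aa", "3"),
    make_client("02:00:00:00:03:AA", "3"),    # same MAC reported in another case
    make_client("02:00:00:00:07:01", "7"),
    make_client("02:00:00:00:07:02", "7"),
    make_client("02:00:00:00:07:03", "7"),
    make_client("02:00:00:00:12:01", "12"),   # IP phone
    make_client("02:00:00:00:12:02", "12"),   # PC daisy-chained behind the phone
    make_client("02:00:00:00:24:01", "24"),   # known uplink to another switch
    make_client("02:00:00:00:24:02", "24"),
    make_client("02:00:00:00:99:01", None, conn="Wireless", serial="QXXX-XXXX-0002"),
]

def ports_with_multiple_macs(clients, threshold=2, ignore_ports=frozenset()):
    """Map (switch serial, port) -> sorted MACs for wired ports that show at
    least `threshold` distinct client MACs, skipping known uplink ports."""
    seen = defaultdict(set)
    for c in clients:
        if c.get("recentDeviceConnection") != "Wired":
            continue  # wireless clients belong to an AP, not a switch port
        serial, port, mac = c.get("recentDeviceSerial"), c.get("switchport"), c.get("mac")
        if not (serial and port and mac):
            continue
        key = (serial, str(port))
        if key not in ignore_ports:
            seen[key].add(mac.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

if __name__ == "__main__":
    uplinks = {(SWITCH, "24")}
    flagged = ports_with_multiple_macs(SAMPLE_CLIENTS, ignore_ports=uplinks)
    for (serial, port), macs in sorted(flagged.items()):
        print(f"{serial} port {port}: {len(macs)} MACs {macs}")
```

Passing `threshold=3` tolerates a PC daisy-chained behind an IP phone, which legitimately shows two MACs on one access port.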

NFL0NR
Getting noticed

You can set a MAC allowed list. I believe if you leave it blank, that will prevent anything from being "authorized" on that port until you specify the MAC address.

cmr
Kind of a big deal

If the other switch supports either CDP or LLDP then it will show up as a diamond icon in the topology of the network.
