detecting rogue devices on Meraki switches

gagan239
Comes here often

Hi,

I have been given a task to provide a solution to a customer to detect (and possibly block) rogue devices that are connected to a network involving Meraki switches. The customer has several ports that are internet only, which we could ignore. But for production ports, how do we lock those down, or at least alert when a rogue device is connected?

As far as I know, we have the following options available on Meraki switches to enhance port security:
- Port schedule - disables/enables a port based on a schedule
- Access policy, which involves Open, MAC allow list, Sticky MAC allow list and User-defined access policy - includes 802.1x authentication (looks like the best option)
- STP Guard, which involves Root guard, BPDU guard and Loop guard
- Trusted DAI - protects networks against man-in-the-middle ARP spoofing attacks
- UDLD

Need expert guidance on this.

1 Reply
Mloraditch
Kind of a big deal

The most effective option would be an 802.1x solution.

Meraki is slowly rolling out the preview of their built in solution: https://documentation.meraki.com/Access_Manager

Cisco ISE would be a more full featured end-to-end Cisco solution.

You can also use products like NPS.

You would then rely on a combination of those systems and the various syslogs generated to capture alerts about rogue devices.

These solutions offer TONS of features and can be quite complex to set up. Depending on the customer size and need, you may want to engage with a partner who has familiarity in doing these sorts of installs.


Everything else you are discussing provides related bits and pieces that do some things, but nowhere near everything. You should still use STP/UDLD functions in most cases to complement things and prevent issues that 802.1x doesn't handle.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
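As an added example (not code from the thread, from Meraki, or from Cisco), here is the kind of offline syslog check the reply above refers to when it says alerts come from a combination of the authentication system and the switch syslogs: it scans client-connection events, skips the internet-only ports from the original question, and raises an alert for any MAC on a production port that is not in an allow list. The line format, field names and MAC addresses are constructed for illustration and are not Meraki's documented syslog schema; a real deployment would map the parser onto whatever the switches and the RADIUS/802.1x server actually emit.

```python
"""Offline rogue-device check over constructed syslog-style lines.

Assumptions (not from the original thread or any vendor documentation):
- each line is "<epoch> <switch> events event=<name> port=<n> [mac=<addr>]"
- a rogue device is any MAC on a production port that is not allow-listed
"""
import re
from dataclasses import dataclass

# Constructed sample input; the "event=client_connected" format is hypothetical.
SAMPLE_LOGS = """\
1700000000.100 sw-core1 events event=client_connected port=3 mac=aa:bb:cc:00:00:01
1700000001.200 sw-core1 events event=client_connected port=7 mac=de:ad:be:ef:00:02
1700000002.300 sw-core1 events event=client_connected port=12 mac=aa:bb:cc:00:00:03
1700000003.400 sw-core1 events event=client_connected port=3 mac=aa:bb:cc:00:00:01
1700000004.500 sw-core1 events event=link_up port=3
"""

# Parser for the assumed line layout; the mac field is optional because
# link-state events carry no client address.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<switch>\S+)\s+events\s+event=(?P<event>\S+)"
    r"\s+port=(?P<port>\d+)(?:\s+mac=(?P<mac>[0-9a-fA-F:]{17}))?$"
)


@dataclass(frozen=True)
class Alert:
    """One unknown device seen on a production port."""
    switch: str
    port: int
    mac: str


def normalize_mac(mac: str) -> str:
    """Lower-case the address so allow-list comparison is case-insensitive."""
    return mac.lower()


def find_rogue_devices(log_text: str, allowed_macs, internet_only_ports):
    """Return one Alert per (switch, port, mac) that is not allow-listed.

    Ports in internet_only_ports are ignored, mirroring the original question;
    repeated connects of the same device on the same port are de-duplicated.
    """
    allowed = {normalize_mac(m) for m in allowed_macs}
    seen = set()
    alerts = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match or match.group("event") != "client_connected":
            continue
        if not match.group("mac"):
            continue  # malformed connect event without an address
        port = int(match.group("port"))
        if port in internet_only_ports:
            continue
        mac = normalize_mac(match.group("mac"))
        if mac in allowed:
            continue
        key = (match.group("switch"), port, mac)
        if key in seen:
            continue
        seen.add(key)
        alerts.append(Alert(match.group("switch"), port, mac))
    return alerts


if __name__ == "__main__":
    # Constructed allow list and internet-only port set for the sample above.
    for alert in find_rogue_devices(SAMPLE_LOGS, {"AA:BB:CC:00:00:01"}, {12}):
        print(f"ALERT: unknown device {alert.mac} on {alert.switch} port {alert.port}")
```

The allow list here stands in for whatever source of truth the customer maintains (a sticky-MAC table, an asset inventory, or the RADIUS server's authorized clients); the value of the check is in the de-duplication and the port exclusion, so the same rogue device does not page the team on every reconnect and the internet-only ports stay out of scope.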