Is there an easy way in which we can identify illegally connected switches that have been connected to production network (at present have not got BPDU guard configured). These would have been connected to (for example) Cisco 2950 fastethernet ports (of which we have around 700 switches). Can CiscoWorks identify any of these ports that have learnt more than 1 MAC address? regards
CiscoWorks Campus Manager has reports for identifying ports with more than one MAC as well as a facility for specifying rogue MAC addresses for your network.
The report can be found under Campus Manager > User Tracking > Reports > Report Generator > Duplicates. The rogue MAC interface is found under User Tracking > Administration > Acquisition.