Some of my sites share switch with contractor. So contractor's PC's default gateway is contractor router. However, potentially, someone can intentionally change their IP setting so they can get to my network too (by adding my router as second default gateway, edit routing table under Window, etc). How do I block those rogue PCs from entering my network?
1. I can ask local admin give me a list of known MACs and shut down the port that are not using. Or I can set up VMPS. The problem is I have 400 plus sites.
2. Of course I can disconnect their router from my switch. But for various political reasons, I cannot just unplug them.
3. Enforce from Window? of course they don't have our login username and password. Is there a way to be done from Window?
Well, maybe the easiest way is to plead with their Network Admin or upper management to have the admin rights removed from their PC's. Once that is done, I don't think they can change their IP address. Good luck.
if they don;t need to talk to your network, put them in separate vlan.
There is anothe solution too but with the small switches this is not possible. You have to have cat4k or cat6k series switches to implement Combination of private vlan and vacl etc to achieve whatever you are looking for--
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...