Look for switch ports with multiple MAC addresses on them. There is likely a hub or switch off those ports. If you can't see a CDP neighbor on such ports, then go trace down the cables.
If there are ports with multiple MACs on them and you know these should only have 1 device, then maybe you want to disable that port for the time being. You could also use security features to limit ports to certain MAC addresses, etc., but this is more admin overhead.
There's also bpdu-guard, which will disable a port with portfast configured that receives a BPDU on it (switches send BPDUs). In this case, if a user plugs a switch into their port and their port has portfast configured, their port should be disabled if their switch sends a BPDU out.
The best would be to have good control of the network, maintain an accurate network diagram, and have accurate port names/descriptions in the config of what that port is attached to.
You might be able to use an SNMP tool to probe the network and see what responds back, but you need to be scanning the right management IPs on these other switches with the right community strings.