Hi folks. I'm solid on TCP/IP and routers, but weak on managed switches. I inherited a several-hundred-host network with really poor physical access control (a private school), plagued by frequent "user plugged a home router into a port for some reason" type issues.
I've got a TP-Link Jetstream smart switch, and I'd like to implement port security such that only the device plugged into port 1 of the switch will be allowed to ARP broadcast itself as the gateway's IP address.
There's an IP/MAC binding dialog in the switch's configuration, but I'm finding it fairly impenetrable - I'm not sure if it keeps the switch from speaking to that MAC unless it's plugged into that port, keeps that port from speaking to anything without that MAC, or what.
Can anybody help? It's been a frustrating weekend of manually bisecting the network looking for rogue devices by hand (there were dumb switches only, until I deployed this Jetstream - I couldn't even see traffic per port!) and I'd really like to avoid a repeat of the experience. :)
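The policy asked for above (only port 1 may announce the gateway's IP in ARP), modelled as an added example; it is not part of the original post and does not describe how the TP-Link IP/MAC binding dialog behaves. The gateway IP, MAC, port number and sample frames are constructed assumptions.

```python
import socket
import struct

# Constructed values for illustration; substitute your own gateway and uplink port.
GATEWAY_IP, GATEWAY_MAC, TRUSTED_PORT = "192.168.0.1", "00:11:22:33:44:55", 1

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an ARP frame, None if not ARP.
    Raises ValueError for ARP that is truncated or not IPv4-over-Ethernet."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip a single 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0806:
        return None
    if len(frame) < off + 28:
        raise ValueError("truncated ARP")
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unexpected ARP format")
    sender_mac, sender_ip = frame[off + 8:off + 14], frame[off + 14:off + 18]
    return mac_str(frame[6:12]), mac_str(sender_mac), socket.inet_ntoa(sender_ip)

def verdict(frame, ingress_port):
    """Decide 'forward' or 'drop' for a frame seen on ingress_port."""
    try:
        parsed = parse_arp(frame)
    except ValueError:
        return "drop"  # malformed ARP is never forwarded
    if parsed is None:
        return "forward"  # not ARP, outside this check
    eth_src, sender_mac, sender_ip = parsed
    if sender_ip != GATEWAY_IP:
        return "forward"  # ARP for some other address
    # Claims to be the gateway: must arrive on the trusted port with the bound
    # MAC, and the Ethernet source must match the ARP sender field.
    ok = ingress_port == TRUSTED_PORT and sender_mac == GATEWAY_MAC == eth_src
    return "forward" if ok else "drop"

def build_arp(src_mac, sender_ip, op=2):
    """Build a constructed broadcast ARP frame (sample input, not captured traffic)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac + socket.inet_aton(sender_ip)
    return eth + arp + b"\x00" * 6 + socket.inet_aton("192.168.0.50")
```

Checking both the port and the MAC matters: a binding that checks only the MAC would still pass a frame with the gateway's MAC copied onto another port.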