Due to changing requirements, we need a few extra network ports on some of the desks around here. Back in the day (as in 2017), this would be fixed by someone bringing in an 8-port switch they bought wherever and plugging in whatever they had lying around that had an RJ45 connector.
These days, we're using ClearPass for 802.1X authentication on access ports, so that doesn't work anymore. Our plan is to get a few 8-port Aruba 2530 switches (we're mostly an Aruba/HPE shop: 5412zl/R2 and 2540 access switches, L2 all the way) and set those up on the desks, with 802.1X enabled.
So far so good, but how do I stop anyone from just unplugging the switch and plugging whatever they want into what is now a trunk port and no longer an edge access port? (Apart from the fact that they would only see a few tagged VLANs, DHCP wouldn't work out of the box, etc.)
Am I just not thinking straight?