Re: Solution to ARP spoofing on 3560 and 2960 switches please

Discussion in 'Cisco' started by Paul Matthews, Apr 9, 2008.

  1. Sanal Kisi wrote:
    >I want to believe and hope that there is a solution available to this
    >problem which affects our thousands of users.


    There are a variety of ways to approach this. Most will have cost, and it is
    down to you to work out what is the cheapest way of doing it.

    You may wish to employ them in combination.

    The first thing to remember is that the users are running infected devices on
    the network. Do you have a policy about that? If not, you need a security
    policy. Make breach of the policy a disciplinary event, and fire a few people.
    Once a few people have been fired for breaches of the security policy, you may
    well find that the number of infected machines reduces somewhat. A good policy
    will provide help to users in running AV software as well as just threatening
    to fire them.

    It may well be cheaper to replace all switches with 3560s to get the DHCP
    snooping feature than to throw the manpower at it.

    Set up SPAN ports and have some form of sniffer running capturing ARP
    responses/gratuitous ARPs. That can help identify rogue devices. You still have
    to locate them and look at what to do with them.

    Private VLANs may help - they will allow devices to talk to the router but
    nowhere else.

    Smaller VLANs will contain any incidents. If you are using a /28, any rogue
    device has far fewer devices to interfere with than on a /22.
    --
    Paul Matthews CCIE #4063
    Please post questions to the NG, NOT by e-mail.
     
    Paul Matthews, Apr 9, 2008
    #1
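
The sniffer-on-a-SPAN-port idea from the post above, as an added example that is not part of the original post: it parses raw Ethernet frames and flags gratuitous ARPs, IP-to-MAC binding changes and, going slightly beyond the post, ARP payloads whose sender MAC differs from the frame's source MAC. The MAC and IP values are constructed samples, the function names are hypothetical, and frames are assumed to arrive as raw bytes from whatever capture tool feeds the SPAN port.

```python
import struct

# Constructed sample values: documentation MAC range 00:00:5e:00:53:xx, TEST-NET-1 addresses.
GW, HOST, ROGUE = "00:00:5e:00:53:01", "00:00:5e:00:53:10", "00:00:5e:00:53:66"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return ARP fields of a raw Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short, or EtherType is not ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(frame[6:12]), "op": op, "sha": mac(frame[22:28]),
            "spa": ".".join(map(str, frame[28:32])), "tpa": ".".join(map(str, frame[38:42]))}

def watch(frames):
    """Return (reason, ip, mac) alerts for an iterable of raw frames."""
    bindings, alerts = {}, []
    for frame in frames:
        a = parse_arp(frame)
        if a is None or a["spa"] == "0.0.0.0":   # skip non-ARP and ARP probes (no sender IP claimed)
            continue
        if a["eth_src"] != a["sha"]:             # ARP payload disagrees with the frame's source MAC
            alerts.append(("src-mismatch", a["spa"], a["eth_src"]))
        if a["spa"] == a["tpa"]:                 # gratuitous ARP: sender announces its own IP
            alerts.append(("gratuitous", a["spa"], a["sha"]))
        # Assumption: the first MAC seen for an IP is the legitimate one and is never overwritten.
        if bindings.setdefault(a["spa"], a["sha"]) != a["sha"]:
            alerts.append(("binding-changed", a["spa"], a["sha"]))
    return alerts

def build(eth_src, op, sha, spa, tpa):
    """Build a constructed broadcast ARP frame for the sample below."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    p = lambda ip: bytes(int(x) for x in ip.split("."))
    return (b"\xff" * 6 + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(sha) + p(spa) + b"\x00" * 6 + p(tpa))

SAMPLE = [
    build(GW, 2, GW, "192.0.2.1", "192.0.2.10"),      # gateway's normal reply
    build(HOST, 1, HOST, "192.0.2.10", "192.0.2.1"),  # host's normal request
    build(ROGUE, 2, ROGUE, "192.0.2.1", "192.0.2.1"), # another MAC announces the gateway's IP
]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

An alert gives the MAC to look up in the switch's MAC address table; as the post says, the device still has to be located and dealt with.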