Blocking ports on switches

As our network continues to grow, we are trying have standards as to reserving certain port numbers for access points, certain ones for printers, etc. Another challenge is to prevent ports from being used without proper authorization. Just to make things really interesting, a previous administrator bought some Cisco switches used and never got any maintenance agreements on them, so I am not allowed to replace them until a significant of ports have gone bad. Is there a way that all of these ideas can be accommodated into one manageable solution? --

One thing that I would do immediately is use the description command on each port to record what the port should be used for, what it is being used for -- and when a port does go bad, that the port shouldn't be used. When troubleshooting problem connections, being able to look in the switch and see where a connection is supposed to be can save a trip or two to the wiring closet.

Since it sounds like people outside your immediate group may be making changes to a switch, consider doing a shut command for each port that you aren't using. Unless someone steals a known working connection to use for something else, you should definitely get a call when someone tries to connect something new and it won't work.

You can even plan for a re-use of a port without prior authorization by using one of the port-security commands availble in most versions of Cisco IOS. You will need to do some research here to see what will work best for your situation.

If you still have some problems with people using ports that should be used or you would like another option to consider, Panduit has a Data Comm Blockout plug that goes into the RJ45 jack on a switch and locks into place. It can only be removed by the use of a special tool that is supplied with the plugs. You can get them in a variety of colors, so in addition to marking "bad" network ports in the switch, you can also visually flag ports reserved for access points, printers, etc, based on the color of the lockout plug being used.

Join the newsletter!

Or
Error: Please check your email address.

More about CiscoData CommPanduitVIA

Show Comments