[unisog] Network security police no hubs/switches/routers?

Matt McBride Matt.McBride at utah.edu
Mon May 23 18:29:26 GMT 2005


Vijay S Sarvepalli VSSARVEP wrote:
> We have just spelled out some policies that no hubs/routers are to be 
> connected to the network.  There seems to be a lot of
> resistance for this policy.  I know the technical reasons for not allowing 
> this, but anybody have a layman explanation in their policy 
> about "Why hubs/routers are not allowed on the campus network?"
> If you have one please do share.  If you have a strong network security 
> that limits what type of devices attach to the network, again 
> in non-technical terms please do share this as well.

Most reasons for not allowing end-users to randomly plug network
equipment into a supported administrative system are purely technical in
nature. Of those mentioned already, one of the big reasons some may
overlook is the potential for L2 spanning-tree loops. This threat will
undermine any stable network rendering it unavailable if the STP fails
to place a port in block state. And, at a minimum, the network will see
problems at least until the STP timers have expired. Granted, Rapid STP
may decrease the time you experience problems, but they still pose a
threat to the availability of a network. This is one reason why manually
placing your root bridge for each VLAN is so important.

-Matt

--
Matt McBride / University of Utah
Network Engineer / CCNP CCDP CISSP
585 Komas Dr Ste 202, Salt Lake City, UT 84108
Contact: 801.585.1043 / Alt: 801.232.8007
Reply To: matt/dot/mcbride<at>utah/dot/edu
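
Added example, not part of the original message: a small model of the 802.1D root election (lowest bridge ID wins, priority compared before MAC) showing why the reply stresses manually placing the root bridge. All switch names, MAC addresses and priority values are constructed sample data.

```python
# Added illustration: 802.1D root bridge election by lowest bridge ID.
# All switch names, MACs and priorities below are constructed sample values.
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # 802.1D default bridge priority


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY

    def bridge_id(self):
        # Bridge ID compares priority first, then MAC address; lowest wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return the bridge that wins the root election (lowest bridge ID)."""
    return min(bridges, key=Bridge.bridge_id)


def root_changes_when_added(bridges, newcomer):
    """True if plugging in `newcomer` would move the root off the current bridge."""
    return elect_root(bridges + [newcomer]) != elect_root(bridges)


# Constructed campus: one core and two access switches, all at default priority.
unmanaged_core = [
    Bridge("core-1", "00:1a:2b:00:00:10"),
    Bridge("access-1", "00:1a:2b:00:00:20"),
    Bridge("access-2", "00:1a:2b:00:00:30"),
]
# Same campus with the root pinned on the core through a lower priority value.
pinned_core = [Bridge("core-1", "00:1a:2b:00:00:10", priority=4096)] + unmanaged_core[1:]

# Constructed end-user switch at default priority with a numerically lower MAC.
desk_switch = Bridge("desk-switch", "00:01:02:00:00:01")

if __name__ == "__main__":
    for label, topo in (("default priorities", unmanaged_core), ("root pinned", pinned_core)):
        after = elect_root(topo + [desk_switch])
        print(f"{label}: root before={elect_root(topo).name}, "
              f"after desk switch={after.name}, "
              f"moved={root_changes_when_added(topo, desk_switch)}")
```

The pinned case holds only while the core carries the lowest priority value in the VLAN.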
