[unisog] Network security policy no hubs/switches/routers?

Clarke Morledge chmorl at wm.edu
Mon May 23 22:25:53 GMT 2005


Once folks get in the habit of thinking that it is OK to plug in hubs and 
they keep doing it for several years, such a "no hub" policy can be 
difficult to enforce.  The common excuse I hear is: "Why should I pay for 
an extra network connection (with the extra wiring involved) when I can 
run down to Walmart and pick up a cheap network hub?"

Many users tend to think that a "no hub" policy is some sort of "unfunded 
mandate".  What they do not realize, of course, is the cost of supporting 
all of the problems associated with these hubs.

I've had several instances this year where a cheap hub started to send 
packets received on the uplink interface back out the same uplink 
interface.   Unfortunately, the hub filtered out the Spanning Tree 
packets, so I effectively get a unicast/broadcast packet storm without the 
means of detecting the problem -- other than the thrashing L2 tables in 
our switches.  What a mess.

So my challenge is to show that allowing these cheap hubs actually costs 
the university MORE money in the long run.  But alas, I haven't been able 
to convince everyone yet about this :-(

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187

On Mon, 23 May 2005, Vijay S Sarvepalli VSSARVEP wrote:

> We have just spelled out some policies that no hubs/routers are to be
> connected to the network.  There seems to be a lot of
> resistance for this policy.  I know the technical reasons for not allowing
> this, but does anybody have a layman explanation in their policy
> about "Why hubs/routers are not allowed on the campus network?"
>
> If you have one please do share.  If you have a strong network security
> that limits what type of devices attach to the network, again
> in non-technical terms please do share this as well.
>
> Thanks
> Vijay

