mikester
Ah...the mystical realm of 'Shadow IT' - those that do what IT hasn't done yet because they can't wait or IT costs too much.

I suspect either your network engineer coworker misspoke what he meant or you misunderstood but - it is not unheard of for something on the network to start behaving badly and do what he described. In fact, I've actually seen just that happen more than a few times. Some user has plugged in a rogue access point because they want wireless where they are in the building and for some reason it isn't there. There can be many reasons but that's another story. Then that SOHO AP/Router starts doing bad things and brings that entire VLAN down because it is handing out IP addresses for its internal network on the external side. Now, normally this wouldn't be a problem if that AP was connected at home because on the WAN side is the service provider and they aren't listening for DHCP requests so it won't hurt them. In your office though all the clients are and it can cause real problems.

Oh, I forgot to mention. I am a Systems Engineer for a leading networking manufacturer that has already been mentioned in this thread by someone who used to work for them. I also specialize in enterprise security which includes wireless technologies.

I don't know all the details of your network or your organization but if I were that network engineer and you told me you were going to do that I would ask you to let me configure it at least so that I had control over it if something went wrong. I would run it past my boss so he knew about it and if he wasn't okay with it I would not do it of course and explain to you why. I would also make sure I had the right security features in place on the network so that I either didn't care about you doing this or knew it wouldn't work.

There could be many reasons why and it really depends on the size and type of organization you have but those SOHO devices simply don't have what larger businesses need to cope with the security requirements they have. They also present significant support and security risks.

If they are planning to put wireless in your building and it is just a matter of time - I would say to talk to your management about putting your area higher on the priority list for whatever business reasons you can muster up. Otherwise, putting a rogue access point in place is likely against your company's security policy and could expose problems down the line.

That said, if your network is based on Cisco switching your network engineer should have DHCP snooping turned on so that only trusted ports can have DHCP servers behind them and your rogue access point would not be able to hand out DHCP IP addresses to other clients from the WAN side.
__________________
-The Mikester

04-01-2014, 01:55 PM