MAC Identifying help

adamsj
Level 1

Some quick background. I work for a boarding school and through some circumstances I've ended up with a network I've never worked with or have next to no information about. I've muddled through most of it, but we're having a unique problem lately.

I have students using their machines in other students' rooms. Now, I know I can set it up so that if any MAC address other than a specific one touches a port it won't work; however, I haven't set that up yet. I'm being pressured by higher-ups to find what kids are moving around with their computers.

So the question is semi-simple. Is there any way to look at more than just the last MAC address that was plugged into a port? For instance, is there a command where I can look at the last 5 MAC addresses plugged into a port?

Any information is appreciated.

Thanks!

-Joshua

3 Replies

stephen.stack
Level 4

Joshua

You're probably going to need some kind of NAC solution. When a MAC ages out of a switch's CAM table, it's gone forever until it shows up somewhere else. Actively probing all of your switches with an SNMP poller, for example every few mins, is a possible solution, but it would probably be resource intensive on the devices themselves.

Put a request into rConfig for this feature and at least you could have a MAC address table download every 15 mins or so to track them, including timestamps. Would have to work out the particulars, but it still can be done.

Regards

Stephen

==========================
http://www.rConfig.com 

A free, open source network device configuration management tool, customizable to your needs!

- Always vote on an answer if you found it helpful
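The periodic-snapshot approach suggested in this reply, as an added example that is not part of the original thread or of rConfig: it merges timestamped `show mac address-table` captures into a per-port history, so the last few MACs seen on a port can be listed. It assumes the usual Catalyst output layout (VLAN, MAC, type, port) and that the captures are collected by some other means; `PortHistory`, the sample rows, the uplink name and the timestamps are constructed for illustration.

```python
import re
from collections import defaultdict

# Data rows of Catalyst "show mac address-table" output: vlan, MAC, type, port.
ROW = re.compile(r"^\s*\d+\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return the set of (port, mac) pairs for dynamically learned entries."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {(m.group(3), m.group(1).lower()) for m in rows
            if m and m.group(2).upper() == "DYNAMIC"}

class PortHistory:
    """Per-port record of every MAC seen across periodic snapshots."""
    def __init__(self, ignore_ports=()):
        self.ignore = set(ignore_ports)   # uplinks/trunks see every MAC; skip them
        self.seen = defaultdict(dict)     # port -> {mac: [first_seen, last_seen]}

    def add_snapshot(self, timestamp, text):
        for port, mac in parse_mac_table(text):
            if port not in self.ignore:
                entry = self.seen[port].setdefault(mac, [timestamp, timestamp])
                entry[1] = max(entry[1], timestamp)

    def last_macs(self, port, n=5):
        """The n most recently seen MACs on a port, newest first."""
        items = sorted(self.seen.get(port, {}).items(),
                       key=lambda kv: (kv[1][1], kv[1][0]), reverse=True)
        return [(mac, first, last) for mac, (first, last) in items[:n]]

    def moved_macs(self):
        """MACs that have appeared on more than one port."""
        ports = defaultdict(set)
        for port, macs in self.seen.items():
            for mac in macs:
                ports[mac].add(port)
        return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}

# Constructed sample snapshots (ISO timestamps sort correctly as strings).
SNAP_1 = """Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    00aa.bbcc.ddee    DYNAMIC     Fa0/2
  10    0000.0c07.ac0a    DYNAMIC     Gi0/1"""
SNAP_2 = SNAP_1.replace("Fa0/1", "Fa0/2")  # the first laptop moves to port Fa0/2

history = PortHistory(ignore_ports={"Gi0/1"})
history.add_snapshot("2024-01-10T20:00", SNAP_1)
history.add_snapshot("2024-01-10T20:15", SNAP_2)
print(history.last_macs("Fa0/2"), history.moved_macs())
```

A machine that connects and ages out between two captures never appears in the history, so the polling interval bounds what this can show.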


Wilson Bonilla
Level 3

Hello Joshua.

Under port-security there's a feature called sticky MAC address. When a port learns a MAC address, that MAC address will "stick" in the running configuration; even if they are gone from the classroom, the MAC address will be stuck to that port. Of course there are consequences: for example, if one kid is in class A and moves to class B, within the same local LAN, that guy will have connectivity problems.

This would be applicable if you have switches in those rooms. Any Catalyst platform supports this configuration.

Regards

Wilson B

Leo Laohoo
Hall of Fame

I'm with Wilson on this.  Sticky MAC is the way to go.  The MAC address is learnt or configured on one port (and only one port) and you can specify what happens if a different MAC address shows up (restrict or disable the port).

Here's the configuration example:

Secure MAC Addresses

Just a warning, though. There is NIC software that can change the MAC address of the NIC. So if you want to find out if MAC A was ever in use in Room B, it just ain't going to work for you full time.

Another method is to assign a DHCP IP address per every MAC address.  This is not foolproof either because if a kid is smart, he can assign himself a static IP address of another person who's not using it.

If the students' computers are meant to stay in one area all the time, then the most foolproof I can think of is a network cable "lock". You lock each end to the patch port and to the Ethernet port. The only way out is to chop the cable off, but this would also render both ports useless until a key is produced. Panduit and ADC/TE/Krone have them and we are using some of their products in our school.