cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
277
Views
0
Helpful
3
Replies
MikeM-2468
Beginner

ARP alerting tool

I thought it would be easy to find a tool that would monitor my Windows DHCP server database and alert on leases to new MAC addresses.  I'm finding that not so easy.  As I thought about it, I thought it might be better to focus on reading the ARP table in my 6509 switch.  Are there any tools that will allow this? Is ARP a better option?

3 REPLIES 3
John Blakley
Advisor

I don't believe watching the arp table is going to be the way to go here. You won't be able to differentiate from dhcp assigned addresses vs statically assigned addresses that just happened to be configured without you knowing. Then there's the whole cross referencing if you were to get an alert with the dhcp server to see if it assigned it, and if not, then you just have to track it down.

I'd suggest possibly configuring dhcp snooping and then watch that database instead.  Technically, you could create an eem script to watch the database for new additions/removals and send an email based on what you see in the database. I don't have a script to do this, but I could see it being able to be done.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

The "without you knowing" is the whole point.  I need to account for static IPs too.  I need to know any device that plugs into the network.

If you don't mind getting everything that gets placed into the arp table, then an eem or tcl script is the best way to go because they live on the switch and run in the background.

There may be some premade scripts that you could use, but your switch has to have an IOS that supports eem. (Embedded Event Manager.)

https://supportforums.cisco.com/community/netpro/network-infrastructure/eem?view=all#/?tagSet=undefined

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***