Switch Security/Management

nguyenvinnie
Level 1

Is there an application/device out there that will tell me if a new device has been added to our network?

9 Replies

jonesm111
Level 1

The SNMP protocol is typically used to do that. My favorite is Orion by SolarWinds.

Otherwise you can scan your network with Wireshark: http://sourceforge.net/projects/wireshark/

Or if you have a Linux system, do an nmap -v (network/mask).

Will any of these apps alert us when a new device is added to the network?

Today, one of our users decided to connect a DSL router to one of the data jacks in his cubicle, and for some reason the DSL router started giving out IPs to a few workstations, all of which are located on the same 48-port 4507 blade.

Hello vinnie

Any network management software can detect devices on the network using two basic protocols, ICMP and SNMP. The biggest challenge for administrators is scanning the whole network periodically to detect these devices, which becomes too complex in a big LAN; it is too complicated and pushes a lot of ICMP broadcasts onto the network.

The best way to control the injection of non-standard devices onto the network is to have full control of the network at Layer 1 and Layer 2. For example, you can implement technologies like dot1x and Layer 2 security (DHCP snooping, ARP inspection), which can prevent such things from happening (the DHCP issue you described). Also, you can have all unused ports shut down, so that whoever wants to add a new device has to come to you and you are alerted! Put unused ports in a dummy VLAN which is shut down. Doing all this, you can easily track the addition of new devices. Network management devices can do this too, but it is too complicated!

Raj

keeleym
Level 5

Hi There

You have already been given pointers to applications that you can use to find out if any unauthorised devices have been connected to your network.

A preventative measure that we use is that all switch ports which have not been officially allocated by the Network Admin Group are both disabled and assigned to a dummy VLAN (a VLAN created for this purpose, not VLAN 1).

This way nobody will find an empty live port to connect anything to.

This still leaves the possibility that someone could connect an unauthorised device to the network by unplugging an authorised device and plugging in their own. If this is a big worry, it could be overcome using port security.

Also, if you are using DHCP on your network and can easily view the IP lease information, then this would also be a place where you could see what IP addresses are assigned and to what.

HTH

Best Regards,

Michael
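The "disabled port in a dummy VLAN" practice from the two posts above, written out as an IOS configuration. This is an added example, not configuration posted in the thread; it assumes an IOS-based Catalyst (the 4507 in the question may run CatOS, where the syntax differs), and the VLAN number, interface range, syslog host and SNMP community are placeholders.

```cisco
! Added example (not from the thread): park every port that has not
! been allocated in a dedicated blackhole VLAN and shut it down.
! VLAN 999, the Gi3/1-48 range, 192.0.2.10 and NMS-COMMUNITY are assumptions.
vlan 999
 name UNUSED-BLACKHOLE
!
interface range GigabitEthernet3/1 - 48
 description UNUSED - request allocation from Network Admin before enabling
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 shutdown
!
! A port leaving the shutdown state is a change worth seeing: send link
! traps and syslog to the management station so "no shutdown" on any of
! these ports shows up there, not just on the console.
logging host 192.0.2.10
snmp-server host 192.0.2.10 version 2c NMS-COMMUNITY
snmp-server enable traps snmp linkdown linkup
```

Because the VLAN is never carried on any trunk and has no SVI, a port that is accidentally re-enabled without also being moved still reaches nothing. `show interfaces status` lists the ports in VLAN 999 with status `disabled`, which is the quickest way to audit that nothing unallocated is live; `bpduguard` additionally err-disables the port if someone plugs in a switch rather than a PC.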

Hi,

Many companies I have worked for actually have a corporate policy stating that unauthorized equipment installs are against policy and the person would be subject to dismissal. Shutting down unused ports is best, but it doesn't prevent someone from connecting to a live port unless other security measures are taken.

From everyone's suggestions I think I have found a feature that will help manage our network security issue.

I am looking at the port security with sticky MAC addresses document and it looks pretty good.

Are there any cons to this feature?

Thanks,

The biggest con will be your administrative overhead. We do the same thing here, and depending on the lead time we get, it takes about a day or two to resolve the issue.

The only real con is having to do the port administration each time a system moves or is replaced.

---Mike
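The sticky-MAC port security being discussed, plus the part of the original question that the thread never quite answers (being told when a new MAC appears), as an added IOS example. It is not configuration from the thread or from Cisco documentation; the interface, VLAN and violation mode are assumptions, and the MAC-notification commands use the 3560/3750-style syntax of IOS 12.2(40)SE and later, so check that your platform and release accept them.

```cisco
! Added example (not from the thread): sticky port security on an
! allocated user port. Gi2/10 and VLAN 20 are assumptions.
interface GigabitEthernet2/10
 description USER - allocated desk port
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! "restrict" drops frames from any second MAC, counts the violation and
 ! logs it; the default "shutdown" would err-disable the port instead.
 switchport port-security violation restrict
!
! If you prefer the default shutdown mode, let the port recover by
! itself after 5 minutes instead of waiting for a helpdesk ticket.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Alerting: trap port-security violations, and trap every MAC that is
! learned or removed on the port (the closest thing IOS has to
! "tell me when a new device is added"). Syntax is release-dependent.
snmp-server host 192.0.2.10 version 2c NMS-COMMUNITY
snmp-server enable traps port-security
mac address-table notification change
mac address-table notification change interval 30
snmp-server enable traps mac-notification change
interface GigabitEthernet2/10
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
```

Two operational points behind the "administrative overhead" answers above: the learned sticky address is written into the running configuration, so it survives a reload only if you `write memory` after the first legitimate device has been seen; and when a PC is replaced you have to clear the old entry (`clear port-security sticky interface GigabitEthernet2/10`) before the new one can be learned. `show port-security interface GigabitEthernet2/10` shows the secured MAC, the violation count and the last violating source address, which is usually enough to identify what was plugged in.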

Hi

Possibly DHCP snooping can help you. It will not alert you, but it will not allow any rogue DHCP server to assign IP addresses on the network.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/dhcp.html
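DHCP snooping as suggested here and by Raj earlier, applied to the DSL-router incident from the question, together with the ARP inspection that builds on it. The block below is an added IOS example, not configuration from the thread or from the linked CatOS document; VLAN numbers, interface names and the binding-database location are assumptions.

```cisco
! Added example (not from the thread): DHCP snooping on an IOS-based
! Catalyst. Only the uplink toward the real DHCP server is trusted, so
! DHCPOFFER/DHCPACK from a DSL router on a user port is dropped there.
! VLANs 10,20, Gi1/1 (uplink), Gi2/1-48 (users) and the flash: path are assumptions.
ip dhcp snooping
ip dhcp snooping vlan 10,20
! Leave option 82 off unless your DHCP server is configured for it;
! with it on, many servers silently discard the relayed requests.
no ip dhcp snooping information option
! Persist the binding table so ARP inspection still works after a reload.
ip dhcp snooping database flash:dhcp-snoop.db
!
interface GigabitEthernet1/1
 description UPLINK to distribution / DHCP server
 ip dhcp snooping trust
!
interface range GigabitEthernet2/1 - 48
 description USER access ports (untrusted: server-side DHCP messages dropped)
 ! Cap client DHCP traffic; exceeding the rate err-disables the port.
 ip dhcp snooping limit rate 10
!
! Dynamic ARP Inspection checks ARP on untrusted ports against the
! snooping bindings, so a host cannot answer ARP for an address it did
! not lease. Again only the uplink is trusted.
ip arp inspection vlan 10,20
interface GigabitEthernet1/1
 ip arp inspection trust
```

After applying this, `show ip dhcp snooping` confirms which ports are trusted and `show ip dhcp snooping binding` lists every leased IP/MAC pair per port, which also answers the "view the DHCP lease information" suggestion above from the switch itself. The rogue server's offers are dropped and the drop is logged (a DHCP_SNOOPING syslog message on most IOS releases), so with a syslog host configured you do get a record of the event even though the feature itself does not page you. Make sure every uplink that can carry legitimate DHCP replies is trusted before enabling it on a VLAN, or the workstations will lose their leases at renewal time.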
