Tracking Switch Port Usage

kevin.hu · ‎04-14-2010

We have users buying their own 8-port D-link/Linksys/Netgear mini hub to connect multiple network devices. Is there an easy way to find switch ports that have multiple MACs associated with them, excluding uplink ports? Keep in mind that we have 1000 switches spread across 350 offices. We have CiscoWorks RME 4.0 to use. Any free tool that can perform such task?

Thanks!

Jon Marshall · ‎04-14-2010

Kevin

Are you wanting to find them or stop them ?

If you want to stop them then use port-security on the access switches to only allow one mac-address per port.

Jon

kevin.hu · ‎04-14-2010

Jon,

I want to find them and then provide 8-port managed Cisco switch to them. Enable port security enterprise wide would be very intensive for me and disruptive for them.

Thanks.

Kevin

Jon Marshall · ‎04-14-2010

kevin.hu wrote:

Jon,

I want to find them and then provide 8-port managed Cisco switch to them. Enable port security enterprise wide would be very intensive for me and disruptive for them.

Thanks.

Kevin

Ahh okay. Not familiar with specific tools for this. I don't have a lot of experience with Ciscoworks so not the person to answer. You may want to post on Network Management forum where Joe Clarke may well have something that could be easily modified for your use.

If you had the IP address of every switch then i would probably write a quick perl or tcl script to login to each switch, check the mac-address tables and sort through ports that have multiple mac-addresses associated with them. If you also run CDP on the switches you could then eliminate the ports that are uplinks.

Believe it or not this is the sort of thing i quite enjoy doing but i appreciate it may not be everyones idea of fun !!

Jon

kevin.hu · ‎04-14-2010

Yeah I agreed with you. With this requirement, I almost need a custom made script to accomplish this. I hope there is someone who had done this kind of thing before.

Leo Laohoo · ‎04-14-2010

What about port security? Try the following lines in the interface:

   switchport port-security
   switchport port-security aging time 2
   switchport port-security violation restrict
   switchport port-security aging type inactivity

kevin.hu · ‎04-14-2010

Thanks Leo. Port security would block their network access. I just want to find out where these hubs are. I would think CiscoWorks might have some tools for me to track it down?

Leo Laohoo · ‎04-14-2010

Hi Kevin,

I have a more effective way of "tracking them down" for you. *wink*, *wink*

Enable port security. Once the port goes into error-disable, they'll call you. You'll know who they are, where they are (and if they're pretty, their vital statistics).

If that ain't an effective way of tracking the culprits down, I don't know what is.

charlesdf22 · ‎04-14-2010

You could enable enable port-security with auto recovery and snmp traps to let you know.

snmp-server enable traps port-security

I had also thought that Nedi had some sort of mechanism built in so you can look at each port and see how many mac addresses there were. There were some other products that I have run across as well, such as NetMRI or NetDisco which should be able to do something similar out of the box.

kevin.hu · ‎04-15-2010

Thank you all. I reposted my question in network management forum and Joe Clarke said that CiscoWorks Campus Manager has exactly what I am looking for.