HPE Community
Switches, Hubs, and Modems
1753747 Members
4906 Online
108799 Solutions
New Discussion юеВ

Re: Identifying Rogue devices on the network

 
Jonathan Axford
Trusted Contributor

тАО01-17-2005 05:28 AM

тАО01-17-2005 05:28 AM

Identifying Rogue devices on the network

Hi Guys,

Wonder if anyone could help me with the following scenario:

I work at a large College, We use all HP Procurve gear, 9300's in the core and a mixture of 2500's 2600's 4100's and 5300's at the edge.

We have a lot of students who bring there laptops into the classrooms and plug them into the network. This means they get a DHCP address from our server so we can identify them by name, IP and MAC address as soon as they plug in. What i want to be able to do is find out, quickly, which switch port they are connected to so we can go and have words with them. The only way i can think is to do a Show Mac on the switches themselves, But with 50 or so devices, that could take forever.

Any idea's would be really appreciated. We run HP Procurve Manager Plus as well, in case that is of any use!

Cheers

Jonathan Axford
Where there is a will there is a way...
0 Kudos
7 REPLIES 7
Les Ligetfalvy
Esteemed Contributor

тАО01-17-2005 06:01 AM

тАО01-17-2005 06:01 AM

Re: Identifying Rogue devices on the network

I presume then you do not quarantine connections using HP's ACL security. Have you had a look at IDM?
http://www.hp.com/rnd/products/management/idm/overview.htm

I use Fluke OVC by configuring it to throw a trap when a new device is found. Unfortunately, OVC does not do a detailed discovery right away. I can use my Fluke WGA to query the MAC tables on all the switches but it is time consuming.
0 Kudos
Jonathan Axford
Trusted Contributor

тАО01-17-2005 07:17 PM

тАО01-17-2005 07:17 PM

Re: Identifying Rogue devices on the network

I have not looked at the IDM stuff yet. What does the quarantine feature do?
Where there is a will there is a way...
0 Kudos
Les Ligetfalvy
Esteemed Contributor

тАО01-18-2005 01:09 AM

тАО01-18-2005 01:09 AM

Re: Identifying Rogue devices on the network

I have not studied in detail yet, the access security features and am not even sure whether all the models you list support it. There is however some good reading in the PDFs that ship with the product. IDM is a new add-on to PCM+ 1.6 which I only glanced at. You can find out more about it by browsing to ftp://ftp.hp.com/pub/networking/software/IDM1-0-Release-Notes.htm
0 Kudos
Tony Barrett_2
Frequent Advisor

тАО01-18-2005 03:16 AM

тАО01-18-2005 03:16 AM

Re: Identifying Rogue devices on the network

I had a similar requirement to identify hosts on our ProCurve based network, and found a free product called NeDi which does exactly what I want. It uses CDP on the ProCurves to build up a dynamic list of network nodes, which can then be searched by name, ip, mac etc and give you the exact switch/port location of the node.

It runs on Linux, and takes a little while to setup, but it is without a doubt one of the best tools I've implemented recently (there's a new version due soon as well, promising even more features)

Check out http://nedi.web.psi.ch/ for more info
0 Kudos
Jonathan Axford
Trusted Contributor

тАО01-18-2005 03:22 AM

тАО01-18-2005 03:22 AM

Re: Identifying Rogue devices on the network

That sounds like the sort of thing, Not sure if i will be able to blag the Linux side of things though. We are a completely MS network and i have no experience with Linux yet! I asked the same question to the HP support team, They replied with

"Use the Show Mac command to see what macc addresses are on a switch"

So they weren't very helpfull! Basically, all i want to do is stop un-authorized devices from being able to access the network. I know that this is possible, but i don't know how!
Where there is a will there is a way...
0 Kudos
Roar Pettersen_1
Advisor

тАО01-18-2005 04:16 AM

тАО01-18-2005 04:16 AM

Re: Identifying Rogue devices on the network

Hello !


Maybe 802.1x is what you are looking for ?

Then users have to authenticate (usernam/password) to get access to the switch port. If they don't have a valid username/password, then they don't get access to the network.

802.1x works in Microsoft enviroment.

0 Kudos
Jonathan Axford
Trusted Contributor

тАО09-28-2005 07:31 PM

тАО09-28-2005 07:31 PM

Re: Identifying Rogue devices on the network

Cheers for th info, We are looking into the Fluke gear at the moment, and have also set up port-security on some of our network, So the rogue devices should now be prevented from access.
Where there is a will there is a way...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.