[c-nsp] Good way of finding unauthorized network elements/

[Robert VanOrmer]

This may be out of your budget, but the Cisco WLCs + WCS do a great job of
this.  WCS will identify rogue access points and also identify if the AP is
"on-net" or just rogue.  It also has a containment feature that works very
effectively in quarantining APs and making them difficult / impossible to
use.  Saves a lot of grunt work with using Netstumbler or some sort of mac
table lookups on the switche3s, but requires a solid AP deployment across
the campus and some $$$. Works great if you are running a Cisco AP
environment.

 

-Rob

 

 

-----Original Message-----

From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Granados

Sent: Friday, October 30, 2009 2:09 PM

To: cisco-nsp at puck.nether.net

Subject: [c-nsp] Good way of finding unauthorized network elements/

 

Hi all

I have a general question.  I have a network consisting of about 20 access
switches and 2 core switches.  We have 3 access points that we manage but
think someone might have brought in a linksys or DLink consumer device and
plugged in.  (users, can't live with em, can't shoot em) Is there a tool or
good method that could scan the arp table and look for Manufacturor ID bits
so I could see roughly what's attached where?  Are there better tools in
general or better methods of finding rogue elements that people may attach?

Any pointers would be appreciated.

 

Thanks

Scott