[c-nsp] Good way of finding unauthorized network elements/

Robert VanOrmer vanormer at gmail.com
Fri Oct 30 16:25:23 EDT 2009


This may be out of your budget, but the Cisco WLCs + WCS do a great job of
this.  WCS will identify rogue access points and also identify if the AP is
"on-net" or just rogue.  It also has a containment feature that works very
effectively in quarantining APs and making them difficult / impossible to
use.  Saves a lot of grunt work with using Netstumbler or some sort of MAC
table lookups on the switches, but requires a solid AP deployment across
the campus and some $$$. Works great if you are running a Cisco AP
environment.

 

-Rob

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Granados
Sent: Friday, October 30, 2009 2:09 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Good way of finding unauthorized network elements/

 

Hi all

I have a general question.  I have a network consisting of about 20 access
switches and 2 core switches.  We have 3 access points that we manage but
think someone might have brought in a Linksys or D-Link consumer device and
plugged in.  (users, can't live with em, can't shoot em) Is there a tool or
good method that could scan the arp table and look for manufacturer ID bits
so I could see roughly what's attached where?  Are there better tools in
general or better methods of finding rogue elements that people may attach?

Any pointers would be appreciated.

 

Thanks

Scott
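
The ARP-table and MAC-table lookup discussed in this thread, as an added example (not code from either poster): it joins "show ip arp" and "show mac address-table" output by MAC, flags watch-listed manufacturer prefixes (OUIs), and goes one step further by flagging access ports that have learned more MACs than expected. The OUI values, vendor labels, port names, threshold and sample output are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed watch list: OUI (first 24 bits of the MAC) -> label. Fill it from
# the IEEE OUI registry with the consumer vendors you want flagged.
WATCH_OUIS = {"02aa01": "consumer-vendor-A", "02aa02": "consumer-vendor-B"}
UPLINKS = {"Gi0/1"}       # assumed uplink/trunk ports, ignored
MAX_MACS_PER_PORT = 2     # assumed threshold (e.g. PC plus IP phone)
# Constructed samples in the IOS "show ip arp" / "show mac address-table" layout.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.10.1               -   0011.2233.4455  ARPA   Vlan10
Internet  10.1.10.23             12   02aa.0133.0001  ARPA   Vlan10
Internet  10.1.10.40              3   0022.3344.5501  ARPA   Vlan10
Internet  10.1.10.99              0   Incomplete      ARPA
"""
SAMPLE_MAC = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    02aa.0133.0001    DYNAMIC     Fa0/12
  10    0022.3344.5501    DYNAMIC     Fa0/12
  10    0022.3344.5502    DYNAMIC     Fa0/12
  10    0022.3344.5503    DYNAMIC     Fa0/7
"""
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"

def parse_arp(text):
    """Return {mac: ip}; 'Incomplete' entries carry no MAC and are skipped."""
    pat = re.compile(r"^Internet\s+(\S+)\s+\S+\s+" + MAC, re.I | re.M)
    return {m.group(2).lower(): m.group(1) for m in pat.finditer(text)}

def parse_mac_table(text):
    """Return {mac: port} for numbered-VLAN rows of the MAC address table."""
    pat = re.compile(r"^\s*\d+\s+" + MAC + r"\s+\S+\s+(\S+)", re.I | re.M)
    return {m.group(1).lower(): m.group(2) for m in pat.finditer(text)}

def find_suspects(arp_text, mac_text):
    """Return (watch-listed OUI hits, access ports with too many MACs)."""
    arp, per_port, hits = parse_arp(arp_text), defaultdict(list), []
    for mac, port in parse_mac_table(mac_text).items():
        if port in UPLINKS:
            continue
        per_port[port].append(mac)
        vendor = WATCH_OUIS.get(mac.replace(".", "")[:6])
        if vendor:
            hits.append((port, mac, arp.get(mac, "no-arp-entry"), vendor))
    crowded = {p: len(m) for p, m in per_port.items() if len(m) > MAX_MACS_PER_PORT}
    return sorted(hits), crowded
```

The two checks complement each other: a consumer router doing NAT shows up as a single MAC with a watch-listed OUI, while a bridged access point or unmanaged switch shows up as a crowded access port.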

 


