Solved

Identifying a rogue device

Posted on 2014-01-14
7
254 Views
Last Modified: 2014-01-20
I have inherited a network with multiple unmanaged switches that are uplinked in various parts of the building. I have experienced several issues with rogue student devices on the network causing a serious slow down and at times causing the firewall to become uncontactable.
Am I correct in thinking managed switches are the way to go or would they help me identify the rogue machine. At times its been a case of unplug everything while running a ping to the firewall and then one by one plug the cables back in!
0
Comment
Question by:Sid_F
7 Comments
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 200 total points
ID: 39779717
"Am I correct in thinking managed switches are the way to go..."  I would say yes. They give you much more options.

For example:

You can use port security to prevent rouge devices from connecting in the first place. Or you can disable ports that are not in use.

Logging is also better for managed switches showing what is connected to what port.

Just some stuff to consider.
0
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 150 total points
ID: 39779825
I would endorse pony10us' comments. However, as with most things, the more features you want, the more you will pay to get them.

As you appear to be in an academic environment, a very useful feature for your situation would be bandwidth control, so that persistent offenders can be restrained from swamping the network with their insatiable demands for "stuff" they think the organisation's infrastructure is morally obliged to provide.

I suspect that the proliferation of unmanaged devices has been driven by considerations of cost rather than fitness for purpose, and as educational institutions are often notoriously (and necessarily) tight-fisted, you might have to assemble any case for funding with exceeding care in order to obtain the kit needed to address this and similar student-based problems proactively; the alternative is to remain reactive, and you've already discovered that there's no fun to be had there...
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 150 total points
ID: 39779983
Yes, you would benefit a lot from managed switches.  Watch out for switches that are "smart" and have a GUI interface but don't provide any SNMP.  (I have some small Cisco SG200 switches and haven't been able to find SNMP on them.  Maybe that's just my having missed it but ... I'm looking into it).

You might consider this if you're going to add managed switches:
If you have the ability to add (or put into service unused) cables, then you might want to assign a mirror port on the managed switch AND run a cable from that port to a central location where you can access it with a workstation NIC and, thus, remotely.  Otherwise you will have to be at the switch with a laptop if you want to sniff switch ports.
If you have adequate port margin (i.e. extra ports) then dedicating a port to mirroring (and thus losing it from the LAN or VLAN) this is a very good idea.
A hint in doing this:
Most switches will come up with a default "TO" port / i.e. the mirror port.  Often this is E1 or G1, etc.  So, I recommend using this default as the mirror port.  This way you won't accidentally assign a mirror role to an active port and disable something that should be connected.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 26

Expert Comment

by:pony10us
ID: 39780038
fmarshall,

According to Cisco the Sx200 switch series does not support SNMP.  They had a release document that talked about it but appears to no longer be available.  

http://www.cisco.com/en/US/docs/switches/lan/csbss/sf20x_sg20x/release_notes/Sx200_RN1_1.0.0.19.pdf

They added SNMP to the 300 series. See this release notes document:

http://www.cisco.com/en/US/docs/switches/lan/csbss/sf20x_sg20x/release_notes/R_1.3.2_RN.pdf

I know I ran into the same thing here.  We put in two Sg200's
0
 
LVL 5

Author Comment

by:Sid_F
ID: 39781563
Excellent replies. I'm confident managed switches are the way to go. This site is connected via a site to site VPN. The ideal scenario would be to connect to one of the servers and be able to view all the switches from one interface (although if this means alot of added cost then connecting to each one individuall is fine)

I want to be able to view which port is showing the highest traffic (I imagine this will be a monitor situation as oppose to restricting bandwidth on ports at this point) I would like ports with high bandwidth usage to be as easy to identify as poosible for the local admin. Text based output that requires in depth networking knowledge may not be the best fit.

Hopefully you would be good enough to suggest what switches would allow for this. Thanks
0
 
LVL 26

Expert Comment

by:pony10us
ID: 39782597
Some software suggestions:

1. Solarwinds Real Time Bandwidth Monitor    http://www.solarwinds.com/products/freetools/real-time-bandwidth-monitor.aspx
2. Sourceforge Nagios     http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html

We use Nagios however I have used Solarwinds in the past so both are good products. Solarwinds is probably easier to set up.

As for switches, we are strictly a Cisco shop so I can't speak to other brands. We have had a couple of non-managed Dell switches but they have been replaced with managed Cisco ones.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39794699
I prefer PRTG for monitoring.

The information I found on the SG200 switches is that the SG200-08 does not have SNMP but implies that larger units do have it.  I can't confirm the latter.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now