Need an alert when unauthorized device plugs into LAN

Posted on 2014-01-15
Last Modified: 2014-01-23
Hello Experts - I'm looking for a way to generate an email alert anytime an unauthorized device is plugged into my LAN.  No other action needs to take place, just a simple email letting me know someone has plugged in, preferably along with details including what port and perhaps information about the device.  I'm using a Cisco 4510 switch, a 5510 ASA, and a 2811 gateway.  Thanks in advance for any advice!
Question by:First Last
  • 3
  • 2
LVL 25

Accepted Solution

Cyclops3590 earned 500 total points
ID: 39782862
Since its a small network I would look into arpwatch.  It sees when an IP/mac pair changes or a new one is seen and emails you immediately.  you can then look that mac address up using 'sh mac-address-table' (might be 'sh mac address-table' on your switch) to find the port its connected to

Author Comment

by:First Last
ID: 39782927
Looks interesting but not quite what I am looking for.  I'd prefer something Windows based and that would only alert me when an unauthorized device was plugged in.  This might provide a little too much information since I'd get an email any time someone moved with a laptop as an example.  Still, if nothing else comes up this could be handy, thanks!
LVL 25

Expert Comment

ID: 39782938
actually it wouldn't alert just with a laptop moving.  that laptop must get a new IP as well.  arpwatch doesn't care about switch ports, only IP to mac mappings.

so do you only want to be alerted if an "unauthorized" client connects or prefer to block them to begin with?  also, define unauthorized.  most tools are not going to know the difference.
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.


Author Comment

by:First Last
ID: 39782957
Ah, ok, that's better than I thought then.  I don't want to block anyone, just get an email when a device that isn't plugged in now gets plugged in later.  I pictured doing a network scan and collecting a small database of what would constitute authorized devices. Any device connecting to the LAN not already in the database would trigger the alert.
LVL 25

Expert Comment

ID: 39782968
that would definitely work to.  and the database could easily be a flat file that way (since you're on windows) you could, in your script, use the find command to quickly compare.  then could just put it as a scheduled job that fires off every X minutes to do the comparison and email.  would be a simple batch or powershell script really.
LVL 45

Expert Comment

by:Craig Beck
ID: 39792377
ARPWatch is good but it will need an interface to be present in each VLAN you want to monitor.

If you only have one VLAN it's not a problem, but ARP doesn't work across routers so you'd need the PC running ARPWatch to have multiple interfaces if you do.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now