Solved

Need an alert when unauthorized device plugs into LAN

Posted on 2014-01-15
6
411 Views
Last Modified: 2014-01-23
Hello Experts - I'm looking for a way to generate an email alert anytime an unauthorized device is plugged into my LAN.  No other action needs to take place, just a simple email letting me know someone has plugged in, preferably along with details including what port and perhaps information about the device.  I'm using a Cisco 4510 switch, a 5510 ASA, and a 2811 gateway.  Thanks in advance for any advice!
0
Comment
Question by:First Last
  • 3
  • 2
6 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 39782862
Since its a small network I would look into arpwatch.  It sees when an IP/mac pair changes or a new one is seen and emails you immediately.  you can then look that mac address up using 'sh mac-address-table' (might be 'sh mac address-table' on your switch) to find the port its connected to
0
 
LVL 1

Author Comment

by:First Last
ID: 39782927
Looks interesting but not quite what I am looking for.  I'd prefer something Windows based and that would only alert me when an unauthorized device was plugged in.  This might provide a little too much information since I'd get an email any time someone moved with a laptop as an example.  Still, if nothing else comes up this could be handy, thanks!
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39782938
actually it wouldn't alert just with a laptop moving.  that laptop must get a new IP as well.  arpwatch doesn't care about switch ports, only IP to mac mappings.

so do you only want to be alerted if an "unauthorized" client connects or prefer to block them to begin with?  also, define unauthorized.  most tools are not going to know the difference.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 1

Author Comment

by:First Last
ID: 39782957
Ah, ok, that's better than I thought then.  I don't want to block anyone, just get an email when a device that isn't plugged in now gets plugged in later.  I pictured doing a network scan and collecting a small database of what would constitute authorized devices. Any device connecting to the LAN not already in the database would trigger the alert.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39782968
that would definitely work to.  and the database could easily be a flat file that way (since you're on windows) you could, in your script, use the find command to quickly compare.  then could just put it as a scheduled job that fires off every X minutes to do the comparison and email.  would be a simple batch or powershell script really.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39792377
ARPWatch is good but it will need an interface to be present in each VLAN you want to monitor.

If you only have one VLAN it's not a problem, but ARP doesn't work across routers so you'd need the PC running ARPWatch to have multiple interfaces if you do.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question