HELP - Block MAC address with CiscoWorks LMS 3.0

Answered Question
Apr 2nd, 2008
User Badges:

Hello,

Is it possible with CiscoWorks LMS 3.0 to block a certain MAC address from the network and notify an administrator when the computer with that MAC address tries to get access to the network?

Please answer as soon as possible.


Thank you

Lindsay

Correct Answer by David Stanford about 9 years 1 month ago

You won't be able to do this with CiscoWorks. However, you can run UT reports in LMS that show the MAC addresses currently connected and you take action from there.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
hobbe Wed, 04/02/2008 - 02:26
User Badges:
  • Gold, 750 points or more

well i do not know if it is possible in ciscoworks but there are several different possibilities in the switches and so on.


This however does indicate that the aggressor does not know that you are tracing the mac addresses or them for that matter.


Changing the mac address is easy for anyone on basically any system made today.


so what is it that you realy want to achieve?

swizzlestick Wed, 04/02/2008 - 03:07
User Badges:

I am currently implementing ciscoworks on my network, but i don't wont that some portables (from my company - so I know the MAC's and they aren't changing soon) are able to get on my network.

if however they do get on the network I want to be notified by email or sorts


if a simple solution is possible (next to ciscoworks) that is also welcome

Correct Answer
David Stanford Wed, 04/02/2008 - 07:24
User Badges:
  • Cisco Employee,

You won't be able to do this with CiscoWorks. However, you can run UT reports in LMS that show the MAC addresses currently connected and you take action from there.

swizzlestick Wed, 04/02/2008 - 07:28
User Badges:

hi, I've tried that but I couldn't find anything that would then alert the administrator, I could only generate a report and see if that MAC address was found.

It's not really what I wanted.

But thanks for letting me know that it's impossible to do this with CiscoWorks.


hobbe Wed, 04/16/2008 - 22:59
User Badges:
  • Gold, 750 points or more

what you can/could do if it is a fairly small network is use a sniffer software and just let it roll on and have a filter that filters out everything exept these mac addresses.

when they get out on the network they will send gratitious arps or a dhcp request and you will see them instantly.


This is just 1 way of doing it.

there are a few others i could think of.


HTH


Martin Ermel Thu, 04/17/2008 - 22:25
User Badges:
  • Blue, 1500 points or more

its just an assumption - I haven't tried it yet and it requires a little bit of scripting...

with LMS 3.x there is the possibility to make use of the Dynamic UserTracking where a switch Port will send a specific Trap to Campus Manager which inturns updates the User Tracking Table. So you can periodically generate a UT report from cli (ut -cli ... see below for hlep) and let a script parse the content of the report to find matches against a given list. If successfull, send an email with the detailed data from the UT Report;

(see online help: http://:1741/help/CMcore/CmHelp/index.html?Ut_UtCli_Cmd.html


Actions

This Discussion