Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1096
Views
0
Helpful
6
Replies

HELP - Block MAC address with CiscoWorks LMS 3.0

Go to solution
swizzlestick
Level 1
Level 1

‎04-02-2008 01:38 AM

Hello,

Is it possible with CiscoWorks LMS 3.0 to block a certain MAC address from the network and notify an administrator when the computer with that MAC address tries to get access to the network?

Please answer as soon as possible.

Thank you

Lindsay

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Stanford
Cisco Employee
Cisco Employee
In response to swizzlestick

‎04-02-2008 07:24 AM

You won't be able to do this with CiscoWorks. However, you can run UT reports in LMS that show the MAC addresses currently connected and you take action from there.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
hobbe
Level 7
Level 7

‎04-02-2008 02:26 AM

well i do not know if it is possible in ciscoworks but there are several different possibilities in the switches and so on.

This however does indicate that the aggressor does not know that you are tracing the mac addresses or them for that matter.

Changing the mac address is easy for anyone on basically any system made today.

so what is it that you realy want to achieve?

0 Helpful

Go to solution
swizzlestick
Level 1
Level 1
In response to hobbe

‎04-02-2008 03:07 AM

I am currently implementing ciscoworks on my network, but i don't wont that some portables (from my company - so I know the MAC's and they aren't changing soon) are able to get on my network.

if however they do get on the network I want to be notified by email or sorts

if a simple solution is possible (next to ciscoworks) that is also welcome

0 Helpful

Go to solution
David Stanford
Cisco Employee
Cisco Employee
In response to swizzlestick

‎04-02-2008 07:24 AM

You won't be able to do this with CiscoWorks. However, you can run UT reports in LMS that show the MAC addresses currently connected and you take action from there.

0 Helpful

Go to solution
swizzlestick
Level 1
Level 1
In response to David Stanford

‎04-02-2008 07:28 AM

hi, I've tried that but I couldn't find anything that would then alert the administrator, I could only generate a report and see if that MAC address was found.

It's not really what I wanted.

But thanks for letting me know that it's impossible to do this with CiscoWorks.

0 Helpful

Go to solution
hobbe
Level 7
Level 7
In response to swizzlestick

‎04-16-2008 10:59 PM

what you can/could do if it is a fairly small network is use a sniffer software and just let it roll on and have a filter that filters out everything exept these mac addresses.

when they get out on the network they will send gratitious arps or a dhcp request and you will see them instantly.

This is just 1 way of doing it.

there are a few others i could think of.

HTH

0 Helpful

Go to solution
Martin Ermel
VIP Alumni
VIP Alumni
In response to hobbe

‎04-17-2008 10:25 PM

its just an assumption - I haven't tried it yet and it requires a little bit of scripting...

with LMS 3.x there is the possibility to make use of the Dynamic UserTracking where a switch Port will send a specific Trap to Campus Manager which inturns updates the User Tracking Table. So you can periodically generate a UT report from cli (ut -cli ... see below for hlep) and let a script parse the content of the report to find matches against a given list. If successfull, send an email with the detailed data from the UT Report;

(see online help: http://:1741/help/CMcore/CmHelp/index.html?Ut_UtCli_Cmd.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents