Switch Security/Management

Unanswered Question
Aug 21st, 2008

Is there an application/device out there that will tell me if a new device has been added to our network?

nguyenvinnie Thu, 08/21/2008 - 15:01

Will any of these apps alert us when a new device is added to the network?

Today, one of our users decided to connect a DSL router to one of the data jacks in his cubicle, and for some reason the DSL router started giving out IPs to a few workstations located only on the same 48-port 4507 blade.

sachinraja Fri, 08/22/2008 - 02:24

Hello vinnie

Any network management software can detect devices on the network using two basic protocols: ICMP and SNMP. The biggest challenge for administrators is scanning the whole network periodically to detect these devices, which becomes too complex in a big LAN. It is too complicated and pushes a lot of ICMP broadcasts onto the network.

The best way to control the injection of non-standard devices onto the network is to have full control of the network at Layer 1 and Layer 2. For example, you can implement technologies like dot1x and Layer 2 security (DHCP snooping, ARP inspection), etc., which can prevent such things from happening (the DHCP issue you described). Also, you can have all unused ports shut down, so that whenever someone wants to put a new device on, you are alerted! Have unused ports in a dummy VLAN, which is shut down. Doing all this, you can easily track the addition of new devices. Network management devices can do this, but it's too complicated!


Hi There

You have already been given pointers to applications that you can use to find out if any unauthorised devices have been connected to your network.

A preventative measure that we use is that all switch ports which have not been officially allocated by the Network Admin Group are both disabled and assigned to a dummy VLAN (a VLAN created for this purpose, not VLAN 1).

This way nobody will find an empty live port to connect anything to.

This still leaves the possibility that someone could connect an unauthorised device to the network by unplugging an authorised device and plugging in their device. If this is a big worry, it could be overcome using port security.

Also, if you are using DHCP on your network and can easily view the IP lease information, then this would also be a place where you could see what IP addresses are assigned and to what.


Best Regards,


stephenshaw Fri, 08/22/2008 - 04:51


Many companies I have worked for actually have a corporate policy stating that unauthorized equipment installs are against policy and the person would be subject to dismissal. Shutting down unused ports is best, but it doesn't prevent someone from connecting to a live port unless other security measures are taken.

nguyenvinnie Fri, 08/22/2008 - 09:26

From everyone's suggestions, I think I have found a feature that will help manage our network security issue.

I am looking at the port security with sticky MAC addresses document, and it looks pretty good.

Are there any cons to this feature?
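As an added example (not posted by anyone in this thread) of the controls sachinraja describes and the sticky-MAC port security asked about above, here is a Catalyst IOS configuration that would have stopped the rogue DSL router in the first post: DHCP snooping drops DHCP server replies arriving on untrusted access ports, dynamic ARP inspection validates ARP against the snooping bindings, unused ports are parked shut in a dummy VLAN, and active ports learn one sticky MAC and errdisable on a violation. The uplink interface, module/port ranges and VLAN IDs (10, 20, 999) are assumptions chosen for illustration; substitute your own.

```cisco
! --- Global: DHCP snooping and dynamic ARP inspection on the user VLANs ---
ip dhcp snooping
ip dhcp snooping vlan 10,20
! Option-82 insertion is on by default and some DHCP servers drop such requests;
! turn it off unless the server is configured to accept it (assumption: it is not)
no ip dhcp snooping information option
ip arp inspection vlan 10,20
!
! --- Uplink toward the distribution layer / real DHCP server: trusted ---
interface GigabitEthernet1/1
 description Uplink to distribution (DHCP server lives upstream)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Allocated user ports: one sticky MAC per port, shut down on violation ---
interface range GigabitEthernet3/1 - 24
 description User access port
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 ! a DSL router or unmanaged switch plugged in here would also be caught by BPDU guard
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! rate-limit DHCP on untrusted ports (packets per second)
 ip dhcp snooping limit rate 10
!
! --- Unused ports: parked in a dummy VLAN that is itself shut down, and disabled ---
vlan 999
 name PARKING-UNUSED
 shutdown
!
interface range GigabitEthernet3/25 - 48
 description UNUSED - parked, request allocation from Network Admin
 switchport mode access
 switchport access vlan 999
 shutdown
!
! --- Optional: recover a port-security errdisabled port automatically after 5 min ---
! (leave this out if you want the port to stay down until someone looks at it)
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Sticky MACs are written into the running-config as they are learned, so save them:
!   copy running-config startup-config
! Verification:
!   show ip dhcp snooping binding
!   show port-security interface GigabitEthernet3/5
! When a PC on a port is replaced or moved (the admin overhead discussed below),
! clear the learned entry and let the port relearn:
!   clear port-security sticky interface GigabitEthernet3/5
```

Two caveats a practitioner will hit: dynamic ARP inspection only knows about hosts that obtained a lease through the snooping database, so statically addressed hosts (printers, servers on an access port) need an ARP ACL or a trusted port; and `violation shutdown` errdisables the port, so without the `errdisable recovery` lines every violation becomes a help-desk ticket, which is exactly the overhead the later replies describe.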


scott-baker Fri, 08/22/2008 - 10:52

The biggest con will be your administrative overhead. We do the same thing here, and depending on the lead time we get, it takes about a day or two to resolve the issue.

jonesm111 Fri, 08/22/2008 - 14:59

The only real con is having to do the port administration each time a system moves or is replaced.


