Cisco MARS with clients on lan with dhcp

Unanswered Question
Mar 24th, 2010


I'm having problem with dhcp clients that are reported in MARS, MARS is almost never correct when displaying the computername via dns reverse lookup, sometimes it reports in the attack diagram ip-adress sometimes computername, but most time it is not correct when i do a manual reverse lookup on the ip, many times a been chasing the wrong computer because of this.

Only way for me is to manually delete the hosts from MARS but it's a manual job and there is hundreds of computers and just to delete one host is annoying slow, but when i do it will look ok for that host in in that particular day.

Anyone else has this issue?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Mykola Srebnyuk Thu, 03/25/2010 - 05:47

Issue exist:

You need to prepend all IP with workstations' MAC adresses on yours DHCP server.

MARS can't do this.

And you need to read something about best practicies of implementing security in network and you understand why this steps is very important

JSvanberg Thu, 03/25/2010 - 13:49


Thanks for reply.

What do you mean with prepend, to "lock" ip to mac?

Mykola Srebnyuk Thu, 03/25/2010 - 14:04

Yes, i mean "lock" mac to ip address.

And you can maintein actual registry of all new added workstations in your LAN.

And onather PLUS you can use such technology as PORT SECURITY, DHCP Binding AND AND you can automatically to appoint vlan based on your MAC.

Hm, interesting?


This Discussion