Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
10
Helpful
6
Replies

Try to identify specific MAC addresses when they connect to network

mark.tutton
Level 1
Level 1

‎07-27-2007 07:42 AM - edited ‎03-05-2019 05:32 PM

Hi,

We are trying to identify specific MAC addresses when they connect to the network. We have 13000 users and 1000 Cisco switches.

These MAC addresses could appear at any time and may only be on the network for a short period.

Do you know the best way (and easiest way) to locate these addresses when they connect (in total there are about 100).

I know you can look at MAC address tables and ARP tables, but this is difficult when you don't know which location or switch they will connect to or at what time. Thus, we are looking for a more automatic solution.

Have you any ideas?

Your help would be much appreciated.

Thanks,

mark

Labels:
0 Helpful
6 Replies 6

Jagdeep Gambhir
Level 10
Level 10

‎07-27-2007 07:54 AM

Mark,

You can lookup for vendor name to whom this mac-address belongs to ,

http://www.coffer.com/mac_find/?string=00%3A0D%3A65

This will give you a idea what kind of device is it.

Hope that helps

Regards,

~JG

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎07-27-2007 07:55 AM

I suggest configuring 'mac address-table notification' in the switches and setup a SNMP server to sort this kind of information for you.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/cr/cli1.htm#wp2002989

mark.tutton
Level 1
Level 1
In response to Edison Ortiz

‎07-27-2007 08:22 AM

Thankyou for responding.

I acknowledge your suggestion, but it still would intale alot of sorting through data etc.

The organisation may think about moving to 802.1x authentication in the near future. Do you know whether this would help identify these MAC addresses and as such could we then block them from accessing the network.

Or could Ciscoworks help?

I'm not expecting you to know all the answers(believe it or not), but your views with respect to above questions would be appreciated.

Thanks again,

Mark

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to mark.tutton

‎07-27-2007 08:33 AM

Maybe that's something you can ask in the Network Management section.

The SNMP server will have all the data you need, but you need a good front-end application to make this data readable and useful.

Sure, CiscoWorks will help but I'm not very familiar with the product. Openview would be another choice, to handle this SNMP data.

As far as 802.1x, it will also help but you have to create some kind of database for the allow/deny list or some kind of directory for the authentication process.

mark.tutton
Level 1
Level 1
In response to Edison Ortiz

‎07-27-2007 08:43 AM

Thanks for you advise and time.

regards

Mark

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to mark.tutton

‎07-27-2007 08:35 AM

Mark,

With Dot1x you can not identify but yes you would be able to deny unwanted user access to the network. Dot1x is a good option to have here as you have full control on the network.

Regards,

~JG

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card