
Tool monitor network

Tran Quoc Tuan
Level 1

Hello All,

The current network of my company, under the router, includes a core switch (Cisco 3750) --> middle switch (Cisco 3560) --> access switch --> computers/devices.

Over 600 computers get their IP addresses from a DHCP server. I want to monitor the network to see if an unauthorized computer/device connects to it.

Could you please tell me which software is good for monitoring this network?

 

Best regards,

nocandcan

 

 


kaaftab
Level 4

Hi, you can use any NMS software to monitor the devices. You can find free and licensed versions easily online.

Thanks kaaftab

I will test and report the result asap,

 

Best regards,

nocandcan

Sorry kaaftab,

What does NMS software mean? Is that a tool from Solar?

Thanks.

nocandcan

 

NMS = Network Management System. Not a product itself but a type of product.

As far as your original question - it depends. Many products can monitor which devices are connected to your switches.

The bigger question is how do you decide which ones are authorized? Do they need to provide authentication (for example using 802.1x)? How do you account for printers and other devices without an 802.1x supplicant - MAC Authentication Bypass (MAB) is the Cisco solution.

Whichever technical solution you choose to implement your policy, they typically either have their own management tool (like Cisco ISE) or can generate at a minimum syslog messages (like basic 802.1x).

You can send syslog messages off to something as simple as a syslog server running on Linux (free to buy, requires the most know-how and work to use) or a more full-featured product (costs increase according to how much they do and how large your network is).

One popular tool for syslog management is Kiwi Syslog. It's available in a limited freeware version or a licensed version from SolarWinds. (Link) If you move up to the more costly SolarWinds Network Performance Monitor (NPM) it also includes a more full-featured syslog viewer.

I am sorry for my late reply.

My network is distributed across many large factory areas. In some locations, users have administrator rights on some computers; these are their private computers with some special programs, so I do not control the admin user of these computers. Users can set up an IP address and access my network.

I want a tool to monitor and get syslog messages for this case and to better manage my network.

About Kiwi Syslog, this is a rather big tool. I will try using it to get syslog messages.

About SolarWinds Network Performance Monitor (NPM), I will also try using this tool.

Thank you very much.

 

Best regards,

nocandcan

 


 

If you're concerned about users attaching computers with unauthorized locally assigned addresses, you can use DHCP snooping, IP Source Guard and dynamic ARP inspection together to make sure that only devices that have gotten their address legitimately from your DHCP server are allowed to connect.

You can change the port settings to accommodate your static addressed devices such as servers, printers etc.

Here's a link to the configuration guide section on those features. (If you have some very old switches, support might not be there on those devices.)

Hope this helps. Please rate helpful responses.

I am sorry for my late reply.

Thank you very much for your reply,

My company's network often changes its computer layout, so I cannot fix the IP and MAC addresses. And the current switch configuration does not have this configured.

About Kiwi Syslog, the price is rather expensive.

SolarWinds NPM requires SQL Server; I do not have this database.

 

Best regards,

nocandcan

Well you need to invest in either time (to manually check the syslogs for every device and correlate which are authorized and which are not) or tools (to allow you to automate and correlate some of that information).

If the network changes the computer layout as often as you imply, how would you even know which were the unauthorized computers?

If you truly want zero cost to buy, run Linux on an old spare computer and set up rsyslog to accept remote syslog messages from your access switches. Review and analyze the syslog messages for the ones relevant to a port becoming active and make an informed decision based on that analysis whether or not it's authorized.
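The review step suggested in the post above can be scripted. The following is an added example, not code from any participant in this thread: it reads rsyslog output in the traditional file format, picks out IOS `%LINK-3-UPDOWN` messages, and lists the ports whose most recent event is "up". The switch names, sequence numbers and log lines are constructed sample data.

```python
import re

# rsyslog traditional file format: "<Mon DD HH:MM:SS> <host> <message>"
PREFIX = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s")
# IOS physical link-state message (the %LINEPROTO-5-UPDOWN follow-up is ignored)
LINK = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to (up|down)")

# Constructed sample: what the collected log file might contain
SAMPLE_LOG = """\
Mar  3 08:15:02 sw-access-01 101: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
Mar  3 08:15:03 sw-access-01 102: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
Mar  3 09:40:11 sw-access-02 57: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to up
Mar  3 09:55:40 sw-access-02 58: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down
Mar  3 10:02:19 sw-access-01 103: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  3 10:20:00 sw-access-02 59: %LINK-3-UPDOWN: Interface FastEthernet0/20, changed state to up
"""

def link_events(log_text):
    """Return one dict per link up/down message found in the log."""
    events = []
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        link = LINK.search(line)
        if prefix and link:
            events.append({
                "time": prefix.group(1),
                "switch": prefix.group(2),
                "port": link.group(1),
                "state": link.group(2),
            })
    return events

def ports_up(log_text):
    """Ports whose most recent event is 'up', as (switch, port, time)."""
    last = {}
    for ev in link_events(log_text):
        last[(ev["switch"], ev["port"])] = ev  # later lines overwrite earlier
    return sorted(
        (switch, port, ev["time"])
        for (switch, port), ev in last.items()
        if ev["state"] == "up"
    )

if __name__ == "__main__":
    for switch, port, when in ports_up(SAMPLE_LOG):
        print(f"{when}  {switch}  {port}  came up: check what is attached")
```

A link-up message only says that something was plugged in; deciding whether that device is authorized still needs the MAC address learned on the port.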

Thank you very much for your reply information.

For my network, I actually have the IP address and MAC address list of the authorized devices. I often manually show the MAC address table on the Cisco switch ports, then compare it with this list to find unauthorized devices. This is passive.

So I want to find and buy a tool / application to do this without doing it manually.

About the price, It does not matter but it has accepted because of saving for company but not for me.

 

Best regards,

nocandcan
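The manual comparison described in the post above (MAC address table against the list of authorized devices) can be automated once the table output has been saved to text. This is an added example, not code from the thread: the table text and the authorized list are constructed sample data, and skipping uplink ports is an assumption, made because an uplink learns every MAC address behind the downstream switch.

```python
import re

# One data row of "show mac address-table": vlan, MAC, type, port
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\w+)\s+(\S+)\s*$"
)

# Constructed sample output from an access switch
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
  20    a4ba.db12.3456    DYNAMIC     Fa0/7
  10    0050.56aa.bbcc    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 5
"""

# Constructed authorized list; inventories rarely use Cisco's dotted notation
AUTHORIZED = ["00:11:22:33:44:55", "00-11-22-33-44-66"]

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_mac_table(text):
    """Return (vlan, mac, port) for every dynamically learned entry."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            rows.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(4)))
    return rows

def find_unauthorized(text, authorized, uplinks=()):
    """Entries on non-uplink ports whose MAC is not in the authorized list."""
    allowed = {normalize_mac(m) for m in authorized}
    return [
        (vlan, mac, port)
        for vlan, mac, port in parse_mac_table(text)
        if port not in uplinks and mac not in allowed
    ]

if __name__ == "__main__":
    for vlan, mac, port in find_unauthorized(SAMPLE_TABLE, AUTHORIZED, uplinks={"Gi0/1"}):
        print(f"unauthorized MAC {mac} on {port} (VLAN {vlan})")
```

MAC addresses can be changed by the device owner, so a match against the list shows only that a known address is in use, which is why the replies in this thread point to 802.1x for actual enforcement.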

Well, then as Marvin said you need some authentication mechanism - not a monitoring tool. 802.1x authentication can be tricky to set up if you have not done it before, but I would concentrate on that to begin with. At least, this seems to be your main concern - reading your first post.

Once you have that authentication in place, you can go ahead and syslog from the switches to a central server for authentication errors. Again, as Marvin said, you can get away cheap with some simple Linux syslog server, or buy one if you need an easy GUI, it's up to you really and what you are comfortable with.

An NMS could look cool in a NOC but in many cases those are overrated (depending on your business and design of course). If you have end users connected to access switches - I'm sure they will call you if they go down :-)

If you want a baseline "light" NMS you can always set up a trap receiver and trap the most common things (could be the same Linux server) like env mon (temp, fans etc.), uplinks and so on, or syslog...

Good luck!

Also check out the already mentioned technologies like DHCP snooping, root guard etc. This will give you some security in the sense that end users cannot create loops or start their own DHCP etc. You can also set up some IDs in the DHCP that must match the client IDs in order to get an IP address - I did this with an MS DHCP environment once and it worked quite well, but none of this will really shut unauthorized users out of the network, it's more of a good baseline.

Dear 1977bjorn

"An NMS could look cool in a NOC but in many cases those are overrated (depending on your business and design of course). If you have end users connected to access switches - I'm sure they will call you if they go down :-)"

Because in my company, there are some computers, which can be personal computers, for which the network system room does not manage the admin account, so users can set up IP addresses on their own and, wittingly or unwittingly, cause loops or conflicts on the network.

"Also check out the already mentioned technologies like DHCP snooping, root guard etc. This will give you some security in the sense that end users cannot create loops or start their own DHCP etc. You can also set up some IDs in the DHCP that must match the client IDs in order to get an IP address - I did this with an MS DHCP environment once and it worked quite well, but none of this will really shut unauthorized users out of the network, it's more of a good baseline"

This is one of the methods to configure for security. I will review this and configure more security for my network.

Now, I am testing Cacti for monitoring.

But if there is a tool with a Windows interface, that would be better.

About the price, if it is acceptable, my company can buy it.

Thank you very much for your comments.

And I also thank Marvin very much for his ardent support.

 

You're welcome. Please rate helpful posts and mark when your question is answered.

Best Regards.