DX NetOps

  • 1.  Detecting rogue devices on the network

    Posted Oct 07, 2013 12:33 PM
    My management is looking for a solution that allows for the detection of rogue devices on the network. Particularly unmanaged switches that you might find in someone's cubicle, the 4 or 8 port switches one might buy at Best Buy. But also to include rogue APs. I know SolarWinds has something they call User Device Tracker.

    What can Spectrum offer or do in this space?

    v/r,
    Richard


  • 2.  RE: Detecting rogue devices on the network

    Broadcom Employee
    Posted Oct 07, 2013 07:50 PM
    Hi Richard,
    Are these devices SNMP compliant? Or are they at least IP Addressable? Or is there no intelligence at all?
    Thank you,
    Bill


  • 3.  RE: [.CA Spectrum] Detecting rogue devices on the network

    Broadcom Employee
    Posted Oct 08, 2013 06:57 AM
    Hello,
    We have no way of knowing if a device is ‘rogue’, meaning it shouldn’t be on your network.
    Here is what we can do:
    Using scheduled discoveries, we can find any device that has an IP.
    If it is SNMP enabled, and you know the strings, we can model it as whatever it is.
    If not, we can create a pingable device.
    After each discovery runs, it creates a history which contains all the devices found in that run.
    And then the network admin can parse the list of discovered devices each day and see if they have permission to be on the network or not.
    I think this should meet your needs.
    Hth,
    Rich


    Thank You,
    Rich Vernon



  • 4.  RE: Detecting rogue devices on the network

    Posted Oct 08, 2013 10:00 AM
    I apologize as well for not being clear. I have been doing network & systems management for years. I am aware of the challenges faced when trying to deal with management and explain how network discoveries work via SNMP devices. By and large these will be dumb, or if not dumb, I will have no idea of what if any community string is being used, devices. Which means if I did a full blown ping sweep discovery in Spectrum I would end up with junk and it would be unmanageable. I would have workstations, printers, IP phones.

    Having said that, there are solutions out there that do something of the sort. In looking at SolarWinds User Device Tracker, it creates whitelists based on MAC addresses, looks at what is connected to ports on switches and whatever else it does.

    For example, we are moving to VOIP, and we have a VOIP phone on our desk. On the back it has a port for the phone and an additional one for our PC/laptop. Well, what happens if someone plugs a Netgear 4 port switch into that additional port then proceeds to plug his PC/laptop into the switch plus 3 additional devices? Management wants a way to detect and know about that.
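
The per-port MAC check described in the post above (an allowlist of MAC addresses plus what is connected to each switch port), as an added example that is not part of the original thread and is not SolarWinds or Spectrum code. The CSV layout, switch and port names and MAC addresses are constructed; the limit of two MACs per access port assumes one IP phone plus one PC, as in the desk scenario.

```python
import csv, io
from collections import defaultdict

# Constructed sample, not real data: forwarding-table rows per switch port.
FDB_CSV = """switch,port,mac
sw-floor3,Gi1/0/1,00:11:22:aa:00:01
sw-floor3,Gi1/0/1,0011.22bb.0001
sw-floor3,Gi1/0/2,00:11:22:aa:00:02
sw-floor3,Gi1/0/2,00:11:22:bb:00:02
sw-floor3,Gi1/0/2,02:00:00:00:00:0a
sw-floor3,Gi1/0/2,02:00:00:00:00:0b
sw-floor3,Gi1/0/2,02:00:00:00:00:0c
sw-floor3,Gi1/0/3,02-00-00-00-00-0D
sw-floor3,Gi1/0/48,00:11:22:cc:00:01
sw-floor3,Gi1/0/48,00:11:22:cc:00:02
"""
ALLOWED_MACS = {"00:11:22:aa:00:01", "00:11:22:bb:00:01",   # phone + PC, desk 1
                "00:11:22:aa:00:02", "00:11:22:bb:00:02"}   # phone + PC, desk 2
UPLINK_PORTS = {("sw-floor3", "Gi1/0/48")}  # trunks carry many MACs by design
MAX_MACS_PER_ACCESS_PORT = 2                # assumption: one IP phone + one PC

def normalize(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return digits

def find_suspect_ports(fdb_csv, allowed, uplinks, max_macs):
    """Return {(switch, port): [reasons]} for access ports worth a visit."""
    allowed = {normalize(m) for m in allowed}
    per_port = defaultdict(set)
    for row in csv.DictReader(io.StringIO(fdb_csv)):
        key = (row["switch"], row["port"])
        if key not in uplinks:          # skip trunk/uplink ports entirely
            per_port[key].add(normalize(row["mac"]))
    findings = {}
    for key, macs in sorted(per_port.items()):
        reasons = []
        if len(macs) > max_macs:
            reasons.append(f"{len(macs)} MACs behind one access port")
        unknown = sorted(macs - allowed)
        if unknown:
            reasons.append("not on allowlist: " + ", ".join(unknown))
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    print(find_suspect_ports(FDB_CSV, ALLOWED_MACS, UPLINK_PORTS, MAX_MACS_PER_ACCESS_PORT))
```

An unmanaged switch has no address of its own in the forwarding table, so the MAC count behind the port is the signal; a device doing NAT presents a single MAC and is caught only by the allowlist check.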


  • 5.  RE: Detecting rogue devices on the network

    Posted Oct 08, 2013 10:26 AM
    I have to manage a full Class A network. Doing a full ping sweep each day is not feasible, and moreover, given all the junk that would be added to my Spectrum DSS, would bring Spectrum to its knees and would be basically unusable.

    Even if I stood up one or two Spectrum servers just for this purpose, I would still have issues with doing a full ping sweep of our entire network and then running difference reports on what was discovered. Ugh, my brain hurts just to think about it.