We spend so much time on the network side of things, dealing with IP addresses, URL’s, MAC’s etc. that often the physical location of a device is all but forgotten. When things are going well, this isn’t much of a problem. We know that all the devices are out there somewhere, tethered to the rack of switches. But what happens when things aren’t going so great? Port tracking software bridges the gap between the network and physical world. Below are a few scenarios that illustrate the value of knowing where things are and sometimes, where things were.
Security issues and rogue devices present a formidable challenge to the unprepared team. If a machine is flagged as having a virus or malware, and only an IP or MAC is given, what is the quickest method to deal with the problem? Yanking the power cord would be the most direct action, but first you’d have to physically find that device. Knowing what IP/MAC/Hostname is attached to each switch port at this moment would prove most beneficial. In fact, you wouldn’t even have to get up from your desk. Just log into the correct switch, and disable the port for the offender. The same method would apply to deal with a rogue or other unknown device. Once the IP or MAC has been detected on the network, it can then be traced to the current switch port, which ultimately leads to a physical drop. Won’t they be surprised how fast the IT Police show up after plugging in their personal wi-fi router?
Misplaced or lost devices introduce another problem that can be easily solved by integrating the network and physical worlds. How often has a computer been “borrowed” from a department, never to be returned? As with the previous example, the current physical location of the missing device can be determined with a simple lookup of the MAC or Hostname. But what if this machine was used briefly, turned off, cast aside, and forgotten about in some dark corner of a lab? If our port tracking software keeps historical data as well, we can discover the last known location of the device, which will give us a good lead in finding it now.
Digital needle in the haystack
Saving historical switch port data gives us one more twist, and that is rewinding the network a few months to find out who or what was responsible for an event in the past. Perhaps it took a few days or weeks of analysis in order to spot a trend that points back to something that needs attention. Or maybe a law enforcement agency is asking for help in identifying an individual responsible for some online activities, and all they have to offer is an IP address from the past. At this point, you can either pore through old DHCP logs, or ask your port tracking software for the history of this IP address. This can be correlated with a MAC or hostname, which will point to an individual.
An additional benefit of all this switch port monitoring is that it gives you the opportunity to view switch utilization in a concise and consolidated fashion. A rack full of switches and cables may look “full”, but just how many ports are in use? How many have never been used? Vendor-agnostic port tracking software can easily display which ports are currently in use. A glance at this information will let you know what switches are operating at or near port capacity. Click on a “dark” port to see when it was last used, or if it has ever been used at all. Reclaim enough ports on the rack and perhaps a new switch purchase can be delayed. Don’t forget the switch’s own CPU and memory utilization. As long as you’re monitoring all these ports, might as well query these values to make sure none of the equipment is overloaded another way.
Here at SolarWinds, we recognize that these scenarios can represent a lot of frustration and needless effort for an IT staff not properly equipped. Clearly an affordable, effective tracking tool is needed so that these problems will be solved with just a few mouse clicks. Would you like to see what we're working on?