cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Alerts for unauthorized devices on network

Hello

I was wondering if there is a way to set up Device tracker to alert us if an unauthorized device connects to our network. Currently we receive those alerts from another server managed by a consultant. we are trying to get it set up in Solarwinds. Am I at the right place?

Thanks

Rob

Labels (1)
0 Kudos
11 Replies

In UDT you can build a whitelist of allowed devices (it checks via MAC, hostname, or IP). You'll need to be monitoring all of your switchports (including AP uplinks) in order to make sure you have full visibility. There are canned alerts that will notify you if you have rogue devices, and at the moment there isn't a native feature that lets you shut down a switchport but this can be scripted if you want to dive into the API. You also should know that the default polling intervals for UDT are 30min so I wouldn't rely on this tool as a method of keeping bad actors off your network, if that's your intention.

How effective do you find this method?  Our Dell Laptops with docking stations have at least 4 MAC addresses and by default create new ones.   We are about ready to trash UDT because we are finding the whitelist nearly impossible.

0 Kudos

I've never used UDT's whitelist, I haven no use case in my environment. What you're doing sounds like a nightmare, though

0 Kudos

How do you identify unknown devices if you don't have a whitelist of approved devices?

0 Kudos

We don't. We use UDT to match AD information to client devices so our netflow data has usernames tied to it

0 Kudos

Hey @nickzourdos ,

Can you expound upon this solution?  Or state point me to this in the manual?

I just recently connected my AD controllers so I am getting login information.  It would be *WONDERFUL* if I could stop whitelisting workstation MAC addresses.

Thank you!!

0 Kudos

What solution are you referring to? 

0 Kudos

Question was pertaining to whitelisting devices and your response was:

"We don't. We use UDT to match AD information to client devices so our netflow data has usernames tied to it"

It sounded like to me that instead of whitelisting workstation MAC addresses, that you some how allow AD to reconcile all that.

We want to detect Rogue devices on our network and the administration of whitelisting workstations (and cleaning up decommissioned workstations) is cumbersome.

0 Kudos

Sounds like we may stay away from UDT. Will probably just stick to what we have. Seems to be dependable. I dont manage it but I will probably have to learn.

0 Kudos

I will keep researching other ways also. Some of my peers at other locations are having the same issues. I will make sure I keep you guys posted.

0 Kudos

Thanks so much, really appreciate it. Yea I have a feeling we may have to stick with the system we have now for that . I may have to learn Linux so that I can take over that duty maybe.

0 Kudos