I was wondering if there is a way to set up Device tracker to alert us if an unauthorized device connects to our network. Currently we receive those alerts from another server managed by a consultant. we are trying to get it set up in Solarwinds. Am I at the right place?
In UDT you can build a whitelist of allowed devices (it checks via MAC, hostname, or IP). You'll need to be monitoring all of your switchports (including AP uplinks) in order to make sure you have full visibility. There are canned alerts that will notify you if you have rogue devices, and at the moment there isn't a native feature that lets you shut down a switchport but this can be scripted if you want to dive into the API. You also should know that the default polling intervals for UDT are 30min so I wouldn't rely on this tool as a method of keeping bad actors off your network, if that's your intention.
How effective do you find this method? Our Dell Laptops with docking stations have at least 4 MAC addresses and by default create new ones. We are about ready to trash UDT because we are finding the whitelist nearly impossible.
Hey @nickzourdos ,
Can you expound upon this solution? Or state point me to this in the manual?
I just recently connected my AD controllers so I am getting login information. It would be *WONDERFUL* if I could stop whitelisting workstation MAC addresses.
Question was pertaining to whitelisting devices and your response was:
"We don't. We use UDT to match AD information to client devices so our netflow data has usernames tied to it"
It sounded like to me that instead of whitelisting workstation MAC addresses, that you some how allow AD to reconcile all that.
We want to detect Rogue devices on our network and the administration of whitelisting workstations (and cleaning up decommissioned workstations) is cumbersome.
Sounds like we may stay away from UDT. Will probably just stick to what we have. Seems to be dependable. I dont manage it but I will probably have to learn.
I will keep researching other ways also. Some of my peers at other locations are having the same issues. I will make sure I keep you guys posted.
Thanks so much, really appreciate it. Yea I have a feeling we may have to stick with the system we have now for that . I may have to learn Linux so that I can take over that duty maybe.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.