cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Highlighted

Alerts for unauthorized devices on network

Hello

I was wondering if there is a way to set up Device tracker to alert us if an unauthorized device connects to our network. Currently we receive those alerts from another server managed by a consultant. we are trying to get it set up in Solarwinds. Am I at the right place?

Thanks

Rob

Labels (1)
0 Kudos
11 Replies
Highlighted

Re: Alerts for unauthorized devices on network

In UDT you can build a whitelist of allowed devices (it checks via MAC, hostname, or IP). You'll need to be monitoring all of your switchports (including AP uplinks) in order to make sure you have full visibility. There are canned alerts that will notify you if you have rogue devices, and at the moment there isn't a native feature that lets you shut down a switchport but this can be scripted if you want to dive into the API. You also should know that the default polling intervals for UDT are 30min so I wouldn't rely on this tool as a method of keeping bad actors off your network, if that's your intention.

Highlighted

Re: Alerts for unauthorized devices on network

Thanks so much, really appreciate it. Yea I have a feeling we may have to stick with the system we have now for that . I may have to learn Linux so that I can take over that duty maybe.

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

How effective do you find this method?  Our Dell Laptops with docking stations have at least 4 MAC addresses and by default create new ones.   We are about ready to trash UDT because we are finding the whitelist nearly impossible.

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

Sounds like we may stay away from UDT. Will probably just stick to what we have. Seems to be dependable. I dont manage it but I will probably have to learn.

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

I will keep researching other ways also. Some of my peers at other locations are having the same issues. I will make sure I keep you guys posted.

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

I've never used UDT's whitelist, I haven no use case in my environment. What you're doing sounds like a nightmare, though

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

How do you identify unknown devices if you don't have a whitelist of approved devices?

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

We don't. We use UDT to match AD information to client devices so our netflow data has usernames tied to it

0 Kudos
Highlighted

Re: Alerts for unauthorized devices on network

Hey @nickzourdos ,

Can you expound upon this solution?  Or state point me to this in the manual?

I just recently connected my AD controllers so I am getting login information.  It would be *WONDERFUL* if I could stop whitelisting workstation MAC addresses.

Thank you!!

0 Kudos