      We have added all of our MAC addresses across the company and would like to be able to remove old MAC addresses from the system after they have been retired. Is there any way to remove the MAC address from the database and whitelist?


      I have created a resource that lists MAC addresses that have not been seen on the network in over 30 days.  This way, when a device (say VM Server) is removed/retired we can also remove it from our white list and remove it from UDT.


      Is this possible?  How long will a MAC address stay in the database past its "last seen" date?



          The whitelist needs to be edited manually, so you'd have to remove the MAC addresses from your filters. As for the endpoints, you would have to remove them directly from the database and then restart the services.

              That is part of the issue.   We have several thousand MAC addresses in our whitelist.  We are using this product to watch our network for rogue devices to attach.   When we remove a device, we would like to be able to easily clean our whitelist.


              I cannot find a way to monitor the "last seen" date of a whitelist entry. We want to be warned if a whitelist entry has not been seen for 30 days. Then we make a decision to delete the entry from the whitelist. What I have found is that the whitelist is only stored in one field as an XML entry in the database. So there is no way to easily tell if an endpoint is in the whitelist.


              We do not want our whitelist to be full of junk. After using the product for two months, we already have 40 endpoints that are no longer on our network. With no way of deleting endpoints, or no way of seeing the last seen date of a whitelist entry, we are kinda stuck with a junk-filled whitelist.

                  Sounds like a good idea for a feature request.


                  As an aside, I'm not convinced that the whitelist feature is really that useful.

                  In my current environment (a University) I don't care who plugs in to the network (a BYOD environment); in a previous environment I did (PCI-DSS and serious about security), and we made use of VMPS/FreeNAC; today I'd deploy 802.11x. Unknown devices would get punted to a guest VLAN with a captive portal to identify the owner & authorize its attachment to the network (could be part of a BYOD strategy).
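
One way to approach the stale-whitelist problem raised in this thread, as an added example that is not from any participant or from the product: pull every MAC address out of the whitelist XML text without relying on its schema, then flag entries whose last-seen date is older than 30 days or missing. It assumes the XML field and the last-seen data have already been exported; the element names, addresses and dates below are constructed sample values.

```python
import re
from datetime import datetime, timedelta

# Colon/hyphen-separated (00:1A:2B:3C:4D:5E) and dotted (001a.2b3c.4d5e) forms.
# Bare 12-hex strings are skipped on purpose: they collide with GUID segments.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b"
)

def normalize(mac):
    """Reduce any MAC notation to 12 upper-case hex digits."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def whitelist_macs(xml_blob):
    """Extract MACs from the whitelist XML text, whatever its element layout."""
    return {normalize(m.group(0)) for m in MAC_RE.finditer(xml_blob)}

def stale_entries(xml_blob, last_seen, now, max_age_days=30):
    """Return {mac: reason} for whitelist entries not seen within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    seen = {normalize(mac): ts for mac, ts in last_seen.items()}
    report = {}
    for mac in sorted(whitelist_macs(xml_blob)):
        ts = seen.get(mac)
        if ts is None:
            report[mac] = "never seen"
        elif ts < cutoff:
            report[mac] = f"last seen {ts:%Y-%m-%d}"
    return report

# Constructed sample: hypothetical element names, made-up addresses and dates.
SAMPLE_XML = """<Filter>
  <Item value="00:1A:2B:3C:4D:5E"/>
  <Item value="00-1A-2B-3C-4D-5F"/>
  <Item value="001a.2b3c.4d60"/>
  <Item value="00:1A:2B:3C:4D:61"/>
</Filter>"""
SAMPLE_LAST_SEEN = {
    "001A2B3C4D5E": datetime(2024, 5, 28),
    "00:1a:2b:3c:4d:5f": datetime(2024, 3, 2),
    "001A.2B3C.4D60": datetime(2024, 4, 30),
}
NOW = datetime(2024, 6, 1)

if __name__ == "__main__":
    for mac, reason in stale_entries(SAMPLE_XML, SAMPLE_LAST_SEEN, NOW).items():
        print(mac, reason)
```

Entries reported as "never seen" deserve a manual look before deletion, since they may be devices that were pre-approved but have not attached yet.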