I AM SURE WE'VE ALL DEALT WITH THIS FROM TIME TO TIME....
PC's were getting re-imaged this week at one of our facilities. A few PC's were receiving 192.168.X.X IP's. What I found was that this facility had two Planet Network routers (who? Yes Planet Networks) that were connected to two different switches. Once I found them, it was easy to remove... just shut the port down and see who called in to complain .
Here's my question:
We all know that the first 6 of a MAC determines the manufacture. Would it make sense to have some sort of MAC Lookup database within UDT? Maybe something on the summary page that shows a count of each manufacture/device type that are connected to all switch ports? Would that be too much?
I guess I could create a white list, but that is similar to a NAC solution without the blocking part. With 25+ thousand devices that could get old real quick.
If I could create a white list based off of device types now that would be easier.
I know one problem would be that not all MAC address lookups are straight forward. Sometimes, MAC lookups do not return the manufacture that you would think.