Network administration help

January 26th, 2022

Hello everyone and thanks for any help with this.
I now have the responsibility of monitoring and maintaining a large network. I have been looking everywhere online for tools and guidance to use on the network. Fact is there is so much stuff out there that I’m getting lost.
I need someone with experience in network administration to make suggestions on which software utilities are best for this type of work. Things in particular that I am having problems with are:
Rogue devices and access points
auditing
inventory
monitoring
maintenance
I can use apps on an Android device or a Windows laptop. Finding rogue devices is particularly a problem. What is recommended to find them?
Thanks everyone.

Answer #1
I recommend Office Excel
This post is considered spam.
Add a useful, elaborate and on-topic comment next time.
Kindly visit our rules:
www..org/rules

Answer #2
How large a network are we talking about?
IPv4 or IPv6?
What type of switches are installed? Cisco, HP, McData, etc.?
What range and subnets are we talking about?
What is the size of the DHCP pool?
Is there a naming convention within the company?
Wireless clients allowed or disallowed?
Some hints, but without further information I can't give specifics:
Pull ARP tables from the switches and have them run through an analysis tool, can be self-written … for Android: check Fing
Create a cron job that pulls the log files of the switches and runs them against a regex for errors and client connects
Create a list of known MACs and which addresses are valid, invalid, etc.
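
Added example, not part of the original answer: a self-written analysis pass of the kind suggested above, comparing pulled ARP entries against a known-MAC list and a valid address range. The "IP MAC port" line format, the sample entries, the 10.0.0.0/22 range and all names are constructed assumptions; real switch output differs by vendor and needs its own parsing.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data (assumption); replace with your own inventory and ARP pull.
KNOWN_MACS = {"00:1b:21:aa:10:01": "RM22-HP-5", "00:1b:21:aa:10:02": "RM23-HP-1"}
VALID_NET = ipaddress.ip_network("10.0.0.0/22")  # placeholder /22 in 10.x space
SAMPLE_ARP = """\
10.0.0.15   001b.21aa.1001  port 1/4
10.0.1.20   00-1B-21-AA-10-02  port 1/9
10.0.2.77   3A:5F:9C:12:34:56  port 2/3
10.0.2.78   3a:5f:9c:12:34:56  port 2/3
192.168.1.1  00:1b:21:aa:10:02  port 1/9
"""

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff for colon, dash or dotted notation, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Yield (ip, mac) from lines shaped 'IP MAC ...'; skip unparsable lines."""
    for line in text.splitlines():
        fields = line.split()
        mac = normalize_mac(fields[1]) if len(fields) >= 2 else None
        try:
            ip = ipaddress.ip_address(fields[0]) if mac else None
        except ValueError:
            ip = None
        if ip is not None:
            yield ip, mac

def audit(text, known=KNOWN_MACS, net=VALID_NET):
    """Return sorted (mac, finding) pairs for entries that need a closer look."""
    findings, ips_by_mac = set(), defaultdict(set)
    for ip, mac in parse_arp(text):
        ips_by_mac[mac].add(ip)
        if mac not in known:
            findings.add((mac, "unknown MAC"))
        if int(mac[:2], 16) & 0x02:  # locally administered bit: randomized or virtual
            findings.add((mac, "locally administered MAC"))
        if ip not in net:
            findings.add((mac, f"address outside {net}: {ip}"))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.add((mac, f"{len(ips)} IPs behind one MAC"))
    return sorted(findings)
```

Run from a scheduled job, `audit()` output can be diffed against the previous run so only new findings need attention.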
Answer #3
For rogue APs, the new line of Cisco and Meraki APs have rogue AP detection and will squash it from working on the network. It works really well; however, if the SSID is not being broadcast it won’t pick it up.
For rogue devices in general, if you lock down the wifi that will eliminate a lot of cell phones and portable devices. Depending on your firewall appliance and how your domain is configured, your best bet is to make it so only certain VLANs and domain-authenticated users have internet access. You can go the route of only adding allowed MACs to a whitelist, which is tedious and can be easily spoofed though. We need a little more info on what you want to audit and keep track of. A rough estimate and breakdown of devices on your network would help. What server hardware and systems do you have in place now? Cheers!
Answer #5
IPv4
Avaya switches
Using private “10.” addresses internally CIDR = /22
1000 addresses
Names are according to room number Ex: RM22-HP-5
Unauthorized clients are not allowed. (poses a problem with rogue devices) Also I think people are bridging the wireless cards over the wired lan card and creating their own hotspot.
I think I’m going to look into creating the MAC lists of known allowed devices. And then creating a white list on the Cisco WLAN controller. Time consuming but I’m leaning this way.
Any more suggestions?
Thanks for the help!
Answer #6
We have older Cisco AP’s but I’ll look at that.
I’m considering creating a white list of allowed devices, blocking all devices that are not on it.
We’re using a Cisco WLAN controller.
“VLAN and domain authenticated users” do you mean a RADIUS solution?
Around 800 various devices of laptops, workstations, iPads, Kindles, etc.
Windows Server 2008 R2
Thanks for your help!
Answer #7
Also I think people are bridging the wireless cards over the wired lan card and creating their own hotspot.
You can create a group policy to lock down network settings, hence users won't be able to bridge connections, provided users are on the domain.
Also, state which firewall you are using?
Answer #9
Yea, there is a problem in that. Some of the laptops are not on the domain and they know the local password on some of them.
We use a product from Cymphonix for a firewall. I’m not too keen on it right now.
Basically a lot of these problems are due to the fact of IT being grossly understaffed. All I do is put out fires around the whole campus. Priorities change daily. I’ve seriously considered just systematically attacking the problems using a clean slate approach.
People are not going to like it though.
Answer #10
Nothing is better than Kerio network or Wingate; these are the best tools currently available on the market for a Windows-based solution, but if you want a Linux-based solution then ClearOS is the best one. A Unix-based one that I loved too is pfSense.
