On Mon, 5 Feb 2007, Dan Oetting wrote:
On Jan 19, 2007, at 5:02 AM, Peder Magne Sefland wrote:
We use DHCP and I would like to get an sms-message when this mac-address enter the network. Can this be done today?
On a small scale such as having only 1 MAC address that you need to catch, you could configure your DHCP servers to assign this MAC a specific IP.
With the suspect confined to a known set of IP addresses you could also setup a sniffer on the external routes to capture all traffic from those IPs to see for yourself if there is abuse.
I am surprised that switches can't generate an SNMP trap whenever a new MAC address is added to it's routing tables.
You probably mean bridge table, anyway, are you sure? For Cisco I've read that you can do this:
"You can generate SNMP traps whenever a MAC address change occurs by enabling the set snmp trap enable macnotification command in conjunction with enabling the set cam notification and set cam notification historysize commands."
I haven't tested it yet, maybe someone out there has?
We have SNMP trap on TODO for NAV 3.3, we are thinking of an implementation that can trigger certain scripts on a given snmp trap oid. We see to very interesting use cases:
* when linkdown/up trap is detected update the cooresponding link value in the swport/gwport database table. * when a new mac address is seen/gone trigger a script that opens/closes corresponding machine tracker records (cam table). This script could also post alarms regarding wanted mac addresses.
- Vidar
-
vidar.faltinsenīŧ uninett.no