This might solve the problem by denying it an IP. I use the DHCP NetBIOS Scope ID option to keep rogue devices from even getting and IP address. http://technet.microsoft.com/en-us/library/cc958929.aspx
On Tue, Jul 27, 2010 at 11:28 AM, Fergal O'Connell < foconn...@curamsoftware.com> wrote: > Kim, > > That’s a good call > > Just to clarify that this Mac is not showing up on the managed switches > (Extreme kit.) > > All our AP’s are on a separate vLAN.# > > When I look at the manufacturer – I get WW PCBA Test – anyone know what > this is? > > I’ll have a look at http://communities.vmware.com/thread/36187 > > abit further > > > > > > > > *From:* Kim Longenbaugh [mailto:k...@colonialsavings.com] > *Sent:* 27 July 2010 16:31 > > *To:* NT System Admin Issues > *Subject:* RE: Possible Rogue device on the network > > > > As far as I know, nics on workstations don’t participate in STP, so that > would narrow your search to network devices like switches. > > > > *From:* Fergal O'Connell [mailto:foconn...@curamsoftware.com] > *Sent:* Tuesday, July 27, 2010 9:29 AM > *To:* NT System Admin Issues > *Subject:* RE: Possible Rogue device on the network > > > > I can only see that mac on a wire shark trace – > > I cant find that mac on the managed switches – > > I exported an the arp table from all our managed switches and it’s not > there. > > > > What does this mean: “MAC - 00:0f:1f:30:26:e3 is assigned to WW PCBA Test”? > MAC - 00:0f:1f:30:26:e3 is the MAC and WW PCBA Test appears to be the > manufacturer. > > Is that the box on your LAN experiencing the issue that you performed the > sniff on? I performed a wire shark trace on a VM that is connected to our > Core switch. > > Or are you suggesting that you see that MAC on the wire, and see that host > name associated with it, but don’t know where that host is? The Mac is not > associated with an IP address as it does not show up either in DHCP or the > IP arp table on the switches. > > > > > > *From:* Joseph L. Casale [mailto:jcas...@activenetwerx.com] > *Sent:* 27 July 2010 15:14 > *To:* NT System Admin Issues > *Subject:* RE: Possible Rogue device on the network > > > > You don’t have managed switches, you cant follow the mac from trunk to > trunk etc until you get to the ingress port? > > > > *From:* Fergal O'Connell [mailto:foconn...@curamsoftware.com] > *Sent:* Tuesday, July 27, 2010 8:06 AM > *To:* NT System Admin Issues > *Subject:* RE: Possible Rogue device on the network > > > > Still can’t seem to find a way to track this device though… > > I just can’t seem to find where this Mac is originating from. > > > > *From:* Richard Stovall [mailto:rich...@gmail.com] > *Sent:* 27 July 2010 12:45 > *To:* NT System Admin Issues > *Subject:* Re: Possible Rogue device on the network > > > > These guys seem to think that MAC address is from a Dell device. > > > > http://hwaddress.com/mac/000F1F-000000.html > > > > > > > On Tue, Jul 27, 2010 at 5:53 AM, Terry Dickson < > te...@treasurer.state.ks.us> wrote: > > I do not have notes on this, but if I remember correctly I have seen > something like this once in the past. The MAC is from a Wireless Connector > so look for a laptop(probably) that is connected with Wired connection but > still has wireless turned on. > ------------------------------ > > *From:* Fergal O'Connell [foconn...@curamsoftware.com] > *Sent:* Tuesday, July 27, 2010 4:34 AM > *To:* NT System Admin Issues > *Subject:* Possible Rogue device on the network > > HI Folks, > > > > We are having a sporadic network issue on our LAN which I am currently > trouble shooting – > > I ran a wire shark capture on one of the hosts that is affected and I want > to know what the following is > > I can’t find that Mac address on our network. > > I checked the DHCP and I checked the arp table on all our switches and > routers. > > MAC - 00:0f:1f:30:26:e3 is assigned to WW PCBA Test > > What I want to is find this device and turn off STP. > > > > Any idea’s? > > > > > > > > > > Regards > > Fergal O'Connell > > ICT Support > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > It is intended solely for the addressee. Access to this email by anyone else > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > is unauthorized. If you are not the intended recipient, any disclosure, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > copying, distribution or any action taken or omitted to be taken in reliance > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > on it, is prohibited and may be unlawful. If you are not the intended > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > > > > > > > > > > > > > > It is intended solely for the addressee. Access to this email by anyone else > > > > > > > > > > > > > > is unauthorized. If you are not the intended recipient, any disclosure, > > > > > > > > > > > > > > copying, distribution or any action taken or omitted to be taken in reliance > > > > > > > > > > > > > > on it, is prohibited and may be unlawful. If you are not the intended > > > > > > > > > > > > > > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > > It is intended solely for the addressee. Access to this email by anyone else > > is unauthorized. If you are not the intended recipient, any disclosure, > > copying, distribution or any action taken or omitted to be taken in reliance > > on it, is prohibited and may be unlawful. If you are not the intended > > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > It is intended solely for the addressee. Access to this email by anyone else > is unauthorized. If you are not the intended recipient, any disclosure, > copying, distribution or any action taken or omitted to be taken in reliance > on it, is prohibited and may be unlawful. If you are not the intended > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.png>>