We are an all Cisco shop but user Bradford Campus Manager as our NAC solution.
When we get a report from University Policy we add the client records to a "Stolen Devices" group. When the device is reconnected we receive an email. We then either report the room # that the switch port is connected to, or we look in WCS to see what AP the client is on. We have so far recovered 3 or 4 this way. --Joe -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Lee H Badman Sent: Wednesday, December 10, 2008 1:07 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops... Going back to fat APs and WLSE (Cisco manager), I have been asking that this be made a feature in central management. As a WCS user right now, it seems very natural to want to say "alert me when this MAC address hits the WLAN" whether it be for stolen laptops or other targeted investigative/monitoring needs. The data is being collected anyway, seems like a short leap to be able to key and alarm on it. (Easy for me to say, as someone who admittedly couldn't program his way out of the men's room.) Lee -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Todd M. Hall Sent: Wednesday, December 10, 2008 11:43 AM To: [email protected] Subject: Re: [WIRELESS-LAN] Detecting Stolen Laptops... We have home grown scripts that harvest all mac addresses from our cisco edge switches and cisco wireless controllers. We store these mac addresses in a database along with what device (and port/radio) they were connected to. With this data, it was easy for us to write a script to take a list of stolen mac addresses and query the database. If any mac address shows back up on our network we are alerted by email. On Tue, 9 Dec 2008, Hector J Rios wrote: > Date: Tue, 09 Dec 2008 23:05:54 -0600 > From: Hector J Rios <[EMAIL PROTECTED]> > Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv > <[email protected]> > To: [email protected] > Subject: [WIRELESS-LAN] Detecting Stolen Laptops... > > Once in a while we get calls from the university police department > asking us to search for stolen laptops. We use the stolen laptop's MAC > address to search in both DHCP and WCS (we are a Cisco shop). We've > never been successful in recovering a stolen laptop. So far the thieves > have been smart enough not to ever bring those laptops back into our > campus. I'm curious to know if any of you have come up with a way to > automate the detection of a wireless device. Something like waiting for > a laptop's MAC to come on the wireless network and immediately sending > an email to an operator. > > > > Thanks, > > > > Hector Rios > > Louisiana State University > > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > -- Todd M. Hall Sr. Network Analyst Information Technology Infrastructure Mississippi State University [EMAIL PROTECTED] 662-325-9311 (phone) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
