We use snmptrap translator aka snmptt running on our monitoring server that sends them to a perl script that I wrote to put them into a friendly output.
~James Elliott -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Vlade Ristevski Sent: Thursday, October 16, 2014 1:44 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Wireless in Dorms Do you mind sharing what system/method you use to record the mac-notify messages and to parse them? We also have mac-notification setup but Cisco doesn't send a user friendly notification but If-Indexes with VLANs in hex instead. Its' very helpful to have put a pain in the ass to parse. On 10/16/2014 1:19 PM, James Elliott wrote: > We have a homegrown tool that uses some of the features of the Cisco Rogue > Locator Tool, without needing the infringing wireless network to be open. > We have cisco snmp mac -notification setup for all ports on campus, so we are > able to identify each where each device is plugged in on our network. We > take the mac address of the observed rogue AP and add 1 to the mac, and > subtract 1 from the mac. This gives us 3 MAC addresses to compare to what is > plugged into the network. Once the port is identified, we get an email of > the device wireless mac, wired mac, switch and port it is connected to, and > even the IP address it pulled from DHCP. > > At this point, we use our maps to identify the room number, turn off all the > ports in the room and notify Res Life of the infraction. We were able to get > most of the wireless routers on campus using this technique. > > James Elliott > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:[email protected]] On Behalf Of Frank > Sweetser > Sent: Thursday, October 16, 2014 1:16 PM > To: [email protected] > Subject: Re: [WIRELESS-LAN] Wireless in Dorms > > +1 to USB free USB cables as one of the more effective tools for > +combating > wireless printers. > > More and more, it's not a case of people deciding to use wireless over wired, > but instead it simply never occurs to them that they can get internet through > that funny rectangularish hole. There's not much you can do for that except > free cables and a constant, consistent education campaign. > > Frank Sweetser fs at wpi.edu | For every problem, there is a solution that > Manager of Network Operations | is simple, elegant, and wrong. > Worcester Polytechnic Institute | - HL Mencken > > On 10/16/2014 12:15 PM, Peter P Morrissey wrote: >> That has been our approach. We have 100% coverage in residences and >> there isn’t usually a good reason to have an offending device with >> the exception of devices that just won’t work on our Enterprise network that >> Lee had mentioned. >> We have found that once we explain the situation to students, they >> are fine with turning them off or allowing us to help them turn them >> turn off the WiFi feature and find a better way to connect. Most >> devices have wired connections that can be utilized, and from what I >> understand, for a gamer this gives them a slight advantage due to >> lower latency. (I could be wrong about that though as I am not a >> gamer). We also attempt to do a lot of education before and during >> opening, and have a large stash of extra long USB cables that we give >> out freely. We have people helping students move in and nip a lot of this in >> the bud from the beginning. You can get USB cables very cheap in bulk BTW. >> I’m not saying it is perfect, but we don’t get any performance >> complaints at all, although it is certainly possible that there are >> complaints that don’t get to us. >> >> Pete Morrissey >> >> *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv >> [mailto:[email protected]] *On Behalf Of *Heath >> Barnhart >> *Sent:* Thursday, October 16, 2014 12:04 PM >> *To:* [email protected] >> *Subject:* Re: [WIRELESS-LAN] Wireless in Dorms >> >> As I read the case, sending deauth's is exactly what the Marriot's >> system was doing. >> >> We used don't have that bad of a rogue issue since we upgraded our >> WiFi in the dorms three years ago. I think I had 3 this year, and I >> just track them down the best I can (by me I mean my student worker), >> and have a polite conversation with the offender. I haven't had a >> problem with this method, though I've never been faced with 700 >> rogues. What types of devices are being classified as rogues? >> >> >> >> -- >> >> Heath Barnhart >> >> ITS Network Administrator >> >> Washburn University >> >> 785-670-2307 >> >> On Thu, 2014-10-16 at 11:39 -0400, Philippe Hanset wrote: >> >> I think that the Marriott court case needs to be put into perspective. >> >> Many of us have been quarantining rogue APs without any trouble. >> >> The Marriott case is somewhat different. They were preventing all Wi-Fi >> from being enabled >> >> and they were selling theirs as the only Wi-Fi around. >> >> BTW, rogue containment is usually not "jamming". Jamming requires to >> interfere with the spectrum. >> >> Some of those smart containment software don't actually jam the >> frequency >> but send a disassociation frame to a specific client. >> >> Also a lot of us are preventing rogue APs that are actually interfering >> with the University Infrastructure on the same frequencies. >> >> Those students are actually the jammers in this case and I don't see why >> you couldn't protect yourself by preventing them from interfering with >> the >> University >> >> Wi-Fi on University grounds. >> >> As I wrote above, the Marriott case is being taken way too literally and >> being blown out of proportions. >> >> I doubt that the FCC will come to you because you are actually trying to >> provide a service to your community and for free. >> >> Just make sure that you only block channels that you are using (and a >> few >> around to guarantee non overlapping) and not ALL of them! >> >> And don't use containment on the coffee shop next door ;-) >> >> My 1.99 cents, >> >> Philippe >> >> Philippe Hanset >> >> www.anyroam.net <http://www.anyroam.net> >> >> On Oct 16, 2014, at 11:13 AM, Ian McDonald <[email protected] >> <mailto:[email protected]>> wrote: >> >> Breach of your written policy prohibiting such things isn’t a >> disciplinary matter? And can’t be fixed with your disciplinary >> system? >> >> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv >> [mailto:[email protected]] *On Behalf Of *T. >> Shayne Ghere >> *Sent:* 16 October 2014 16:11 >> *To:* [email protected] >> <mailto:[email protected]> >> *Subject:* [WIRELESS-LAN] Wireless in Dorms >> >> Good morning. >> >> Let me say first off, we’re nearly a complete Cisco shop other than >> our Firewalls right now. We are running 3 – Cisco 5508 Wireless Lan >> Controllers and Cisco WCS. >> >> The AP’s in the Dorm’s and Greek houses are all 1142N AP’s and have >> been spaced accordingly by Cisco and by us during the introduction >> of >> wireless in the Dorms, Greeks and Single housing. >> >> We are having a heck of a time with all the interference that the >> students bring with them making our wireless nearly unusable. I >> know >> this topic has come up in the past, but this year is one of the >> worst >> we’ve seen, and the students are getting restless. >> >> We have the ability to quarantine rogue Wireless clients, however >> according to a recent Court case against a large Hotel Chain, it was >> decided that on an open free wireless spectrum, we would be breaking >> the law in jamming it. >> >> How have you addressed this issue? I’m about ready to ask upper >> management to remove the AP’s in all the Dorm buildings and let the >> students bring their own AP’s if they want wireless. Has anyone >> resorted to this? >> >> Thanks for your input >> >> Shayne >> >> ********** Participation and subscription information for this >> EDUCAUSE Constituent Group discussion list can be found >> athttp://www.educause.edu/groups/. >> >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
