Rogue Detection - Knowledge Base

1. I am not seeing the data in the Rogue Detection. why ?

The Rogue Detection tool shows the details of discovered devices. Using any of the following tools will automatically show the discovered devices in Rogue Detection tool:

  1. When you scan a range of IP Addresses in Ping Scan, SNMP Scan, MAC Address Scan, or DNS Scan tools
  2. When you scan the switches using the Switch Port Mapper tool
  3. When you scan the subnets using the IP Address Manager tool
  4. When you configure the Global Environment settings by adding your routers, gateway servers, switches, subnets etc,. and schedule scanning of these devices periodically.

Questions

2. The Rogue Detection tool shows the newly discovered devices, but do not show the Switch details of the discovered device?

The possible reasons could be:

  1. You have not added all your switches in the Switch Port Mapper tool and scanned.
  2. The scanning of Switches happened before the device was detected. Try scanning all your switches again.

Questions

3. I have marked few devices as Rogue. It is not getting rediscovered. Why?

To make the devices getting rediscovered, you should delete all the devices that are marked Rogue after taking appropriate action.

Questions

4. Rogue Device Alert comes only with the MAC Address and not the IP Address. Why?

OpUtils collects the details of the MAC Addresses of the devices in the network in the following ways:

  • From the ARP table of the switches and routers added in Admin --> Routers. The details are collected the first time when you add a device here and during subsequent scans as scheduled. The data obtained from the ARP table will have both MAC and their corresponding IP addresses. The data is collected both via SNMP and CLI based on the input you have provided while adding a device.
  • From the BridgeMIB for the switches added in the Switch Port Mapper tool. The information is collected as and when the switches are scanned. The data obtained from the Bridge MIB will only have the MAC Address and not the IP Address. The data is collected using SNMP.

When you install and add all your devices in OpUtils the first time, all the discovered MAC Addresses are listed under the "Discovered" tab in the Rogue Detection tool. After scanning all your routers and switches once, you need to mark all the valid network devices as "Trusted" in the Rogue Detection tool. The MAC Addresses obtained during subsequent router or switch scans is compared with the ones that are marked as trusted and when it detects a new MAC, which is not in "Trusted" category, it shows up in the discovered tab in Rogue Detection tool. If you only see the MAC Address here, you can assume that this MAC has been obtained from one of your switches and its corresponding IP could not be obtained from the ARP tables of any of the routers/switches that you have added.

Questions