+ Post New Thread
Results 1 to 15 of 15
Hardware Thread, Unknown / unwanted Netgear FS726T 24 Port Switch on my Network? in Technical; Just having a shufty in DHCP to check everything was okay and came across an IP address lease with no ...
  1. #1

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,162
    Thank Post
    1,924
    Thanked 1,358 Times in 748 Posts
    Blog Entries
    3
    Rep Power
    400

    Unknown / unwanted Netgear FS726T 24 Port Switch on my Network?

    Just having a shufty in DHCP to check everything was okay and came across an IP address lease with no name. I can ping it. So I put the IP address into a browser and lo and behold it's a Netgear FS726T Smart Switch - password protected.

    We've never had this make/model onsite. Now bemused and baffled and a bit angry in case some muppet has brought their own kit in and plugged it in for some reason?!

    We're a biggish site but we can't see it anywhere after a trawl. Any ideas? I have installed the Netgear Smart Control Centre utility but it can't find it.
    Last edited by tech_guy; 17th January 2014 at 04:41 PM.

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,515
    Thank Post
    627
    Thanked 1,173 Times in 900 Posts
    Blog Entries
    15
    Rep Power
    524
    Start disabling access to chunks of the network until it stops pinging to narrow it down, work your way down from there. When it stops pinging, there's where you search from.

  3. #3

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,126
    Thank Post
    217
    Thanked 1,353 Times in 826 Posts
    Blog Entries
    4
    Rep Power
    528
    Check the ARP cache to find the mac and then use that to find out what port it's in on the core switch (if you can do that on your switch)?

    could be a starting point: Some tips to find rogue devices on your network | Ken's Network

    then

    "'show mac-address-table | include <mac address>" (on a L3 cisco switch)
    Last edited by Domino; 17th January 2014 at 04:46 PM.

  4. #4

    featured_spectre's Avatar
    Join Date
    Nov 2008
    Posts
    12,503
    Thank Post
    1,684
    Thanked 2,054 Times in 1,491 Posts
    Blog Entries
    2
    Rep Power
    464
    If what Domino suggests doesn't work, go on the comms cabinet after hours, unplug 1 building at a time, ping it, once you found the building, go to that comms cabinet, unplug 1 room at a time, rinse and repeat until you find the room. It is a time consuming method, but it worked when I had to find equipment which was plugged in and I didn't want!

  5. #5

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    3,104
    Thank Post
    161
    Thanked 655 Times in 588 Posts
    Rep Power
    169
    Can you set a Deny in DHCP so it can't get an address? Not sure if this'll stop it from passing traffic, but if it does, you'll quickly find it when people squeal about it!

  6. #6
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    729
    Thank Post
    5
    Thanked 159 Times in 148 Posts
    Rep Power
    56
    Not having an IP address will do nothing for blocking it from functioning, as the IP is purely for the web admin console on this model.
    I assume you've tried the default password for the switch.. if not and it works you could always setup vLan's on it so that the attached devices can't connect... that will certainly get a few calls.

    otherwise the only trick is unplug stuff til it stops responding and narrow it down that way.

  7. #7

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    3,104
    Thank Post
    161
    Thanked 655 Times in 588 Posts
    Rep Power
    169
    Quote Originally Posted by Boredguy View Post
    Not having an IP address will do nothing for blocking it from functioning, as the IP is purely for the web admin console on this model.
    Thought that may be the case. Could it be in a suspended ceiling somewhere? Seen that trick pulled a few times. The idea of pulling links until it goes offline seems to be best.

  8. #8
    willtech's Avatar
    Join Date
    Jun 2010
    Location
    in a server room
    Posts
    30
    Thank Post
    6
    Thanked 4 Times in 3 Posts
    Blog Entries
    1
    Rep Power
    10
    not sure if this helps but default password for a Netgear FS726T is normaly if it has not been changed is: password

  9. #9

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    are you on an RBC internet without a firewall?

    Rob

  10. #10

    Join Date
    Oct 2013
    Location
    Leicestershire
    Posts
    54
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    12
    Don't know what your other switches are, so just few starters for 10. You should be able to find the MAC address out from DHCP so you could do show mac address-table address, this would tell you what port on what switch this is connected to (if its a trunk then do the same on the next switch up). show cdp neighbors can also give you a starting point as would show lldp neighbors (cisco) show lldp info remote-device (HP/ Others) I think. The other commands tend to work on most switches the outputs are shown in different ways but it should start getting you to the physical switch port that the switch is connected to, then the rest is down to finding out where its terminated.

    Oh and just a word to the wise unplugging sections of your networks to find errant devices is like carpet bombing to swat a fly, although you will take down the fly the collateral damage to the rest of your network and its users is a little much! we have far better tools than carpet bombing to find devices on our networks.
    Last edited by HPlum78; 20th January 2014 at 09:38 AM.

  11. #11
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    729
    Thank Post
    5
    Thanked 159 Times in 148 Posts
    Rep Power
    56
    Quote Originally Posted by HPlum78 View Post
    Oh and just a word to the wise unplugging sections of your networks to find errant devices is like carpet bombing to swat a fly, although you will take down the fly the collateral damage to the rest of your network and its users is a little much! we have far better tools than carpet bombing to find devices on our networks.
    Not really that much of a "carpet bombing", more like "Laser Guided bomb"
    I'd class us as a fairly large site with 13 different buildings, and it only takes about 10 seconds to disconnect the Cat 5 uplink cable from each building's fibre link, see if the device has stopped responding and then reconnect. For most users at the end of a day they would not notice the small blip and at least provides a rough location to perform a more in depth search.
    Using the lookup tables on switches only works if the switch has an interface you can use, and records that information.

  12. #12

    Join Date
    Oct 2013
    Location
    Leicestershire
    Posts
    54
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    12
    Each to their own, I have just ran this by the network guys at the uni and they have just said yeah that's what to do, how about you start at 16:00 hrs and then at 16:01 clear your desk and collect your cards from the front desk! I suppose this can only happen in the primary and secondary education sectors!
    Last edited by HPlum78; 21st January 2014 at 12:42 PM.

  13. #13

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Schools are *very* different places to universities. A university requires 24 hour networking. Schools more than often don't. Here, 5pm is our 'end of guarenteed service' time. So, things can and do get turned off after that time for diagnostics etc...

    We don't have the time, funding or staff for more formal methodology of tracking things down. The fact you have 'network guys' indicates the difference - we have "me" and "my technician".

  14. #14

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,162
    Thank Post
    1,924
    Thanked 1,358 Times in 748 Posts
    Blog Entries
    3
    Rep Power
    400
    I can't do it here - too much stuff attached all over the place that has hissy fits if it loses the network and also users in at all sorts of weird and wonderful hours. Nightmare at times trying to do certain tasks.

    We're thinking someone has it stuffed it in a cupboard or the like doing something we haven't been told about.

    It's recent though as it wasn't knocking about the other week.

    We'll find it soon.

    Thanks for all your comments. I'll let you know the outcome!

  15. #15

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,529
    Thank Post
    527
    Thanked 2,648 Times in 2,049 Posts
    Blog Entries
    24
    Rep Power
    925
    Might it be time to introduce some form of NAP/NAC? To prevent such things in future?

    I know its a pain to admin, but it does cut down massively on incidents (we run it here to prevent people plugging their random devices in all over the place).



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 6th May 2011, 04:20 PM
  2. Replies: 1
    Last Post: 21st January 2011, 05:19 PM
  3. [For Sale] Netgear GS724T 24 Port Gigabit Smart Switch
    By featured_spectre in forum Classified Adverts
    Replies: 4
    Last Post: 22nd May 2010, 10:13 AM
  4. [Wanted] Cisco 2950 24 port switches
    By Sunderwood in forum Classified Adverts
    Replies: 16
    Last Post: 1st April 2010, 12:00 AM
  5. Macs on my network
    By Simcfc73 in forum Wireless Networks
    Replies: 5
    Last Post: 5th February 2008, 07:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •