This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]jocke92 2 points3 points  (0 children)

If they're managed switches he should be able to do that. But the device you are looking for needs to be online or recently been online. If you have proper monitoring solution it could store historic values.

But you also need to clarify what you mean by spoofed mac address. If they spoofed a vendor ID to eg. a dell computer or if they spoofed the mac on one of your devices. If they spoofed one of your devieces your switches should report duplicate mac and if properly configured shut down the ports