Questions on Initial MARS setup

Unanswered Question
Feb 28th, 2007

I have a question on the "Topology Discovery" piece in MARS. I will be using SNMP to discover and poll all devices in the network. What I don't want is the MARS box to scan entire subnets looking for devices. I want to control exactly what MARS is doing with respect to SNMP scanning. I want to import sections of the network via a seed file and then have MARS "discover" the devices in that seed file without me having to use the GUI to discover each device. My first question is how do I set up the Topology Discovery to only look for devices in my imported seed file?

Second question I have is on periodic polling. There is a section within the GUI where you can set up how often MARS will go and do polling of devices. What I want is to have the Layer 2 devices polled every 5 minutes (for CAM table changes) with other L3 devices polled periodically (maybe every hour or so... Open to suggestions on this. How do most of you set up periodic polling?). How do you set up polling of differing devices with different polling times? I would like our access layer switches polled differently than our core routers (Is this how most of you are using this?)

Third question is if via the seed file, you can have the "Monitor Resource Use" specification set? I did not see a field within the seed file to tweak something like this.

The documentation section also noted that "L2 devices must be manually added" but then proceeded to use the seed file approach. I can use the seed file for L2 or L3 devices can't I?

Any other Best Practices on initial setup would be greatly appreciated. Also any words of wisdom on what not to do would be helpful as well!

Thanks

Ken

mhellman Wed, 02/28/2007 - 13:59

"My first question is how do I set up the Topology Discovery to only look for devices in my imported seed file?"

My understanding is that topology discovery doesn't work until you manually configure it. Importing devices via the seed file doesn't enable it. As part of setting it up, you can control it by using the "valid networks" setting.

"How do you set up polling of differing devices with different polling times? "

I don't believe this is configurable. When I pressed Cisco for details about when SNMP is used, I was told that devices may even be polled based on actual events coming into CSMARS. There is a totally separate 5 minute polling time when "monitor resource use" is enabled.

"Third question is if via the seed file, you can have the 'Monitor Resource Use' specification set?"

Can't answer this. I don't imagine it would be defaulted to enabled, but it should be easy to test.

"The documentation section also noted that 'L2 devices must be manually added' but then proceeded to use the seed file approach"

This just means that they won't be automatically added by the topology discovery process. A seed file will work.

"Any other Best Practices..."

Verify that your devices are actually reporting into CSMARS as expected.

pmccubbin Wed, 02/28/2007 - 17:24

Ken,

You were given an excellent reply by Matthew.

All I would add is a mention about Netflow. Turn it up gradually and on VLANs without too much traffic. I would also like to mention that you should add IPS devices slowly and without too many Signatures configured as it is easy to overwhelm a MARS box with traffic from your IPS devices.

Hope this helps.
