Campus Manager Discovery and NAT

Answered Question
Nov 6th, 2007

Are there any issues using NAT and discovery?


Overall Rating: 5 (1 ratings)
Joe Clarke Tue, 11/06/2007 - 12:59
User Badges: Cisco Employee, Hall of Fame, Founding Member

Absolutely. There is currently no ALG for SNMP, so the embedded IP address in the SNMP CISCO-CDP-MIB PDUs will not be translated. The result will be that Campus Device Discovery will try to contact devices by their un-NATed addresses, and this will fail.

paul.coley Mon, 11/12/2007 - 09:58

That's not too good in my scenario... it means a lot of manual entry. Was this NAT issue fixed in any of the latest releases of CiscoWorks?

Correct Answer
Joe Clarke Mon, 11/12/2007 - 10:05

This is not something that can easily be fixed in LMS. It needs to be fixed by adding an ALG to, for example, Cisco IOS NAT. The problem with that is that an IP PDU can show up in just about any object, so the ALG would need to be aware of the entire MIB tree (or at least support addition of objects that contain embedded addresses).

paul.coley Mon, 01/21/2008 - 06:58

We currently use a product called IND Peregrine Network Discovery and it discovers based on SNMP and has no issue with discovery via NAT. Since I am building this new CiscoWorks server I would like to know if I can import the device database from this third party product into CiscoWorks LMS 2.6.

This would possibly save me a tonne of manual work regarding playing around with seed file and local host file.

Joe Clarke Mon, 01/21/2008 - 11:00

As long as you can export the device list and credentials into a CSV format that is compatible with the one DCR expects, you can certainly use the third party data in LMS.


Though I am curious how this tool could do SNMP-based discovery of NAT'd devices. The same problems faced by Campus would have to affect this tool. That is, any IP addresses in embedded PDUs (e.g. ARP table, CDP cache, etc.) would not be translated. The only way I imagine it could work is if you specified a mapping file to tell it how to translate the inside addresses to global addresses.
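The mapping-file approach suggested in the reply above, as an added example (not part of the original thread and not code from LMS or any vendor tool): it decodes `cdpCacheAddress` values from a net-snmp style walk and rewrites each inside address to its global address. The mapping file format, the function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: cdpCacheAddress (CISCO-CDP-MIB, 1.3.6.1.4.1.9.9.23.1.2.1.1.4)
# walked through NAT. The embedded addresses arrive untranslated.
SAMPLE_WALK = """\
SNMPv2-SMI::enterprises.9.9.23.1.2.1.1.4.3.1 = Hex-STRING: 0A 01 01 02
SNMPv2-SMI::enterprises.9.9.23.1.2.1.1.4.5.2 = Hex-STRING: 0A 01 02 FE
SNMPv2-SMI::enterprises.9.9.23.1.2.1.1.4.7.1 = Hex-STRING: AC 10 00 09
"""
# Constructed mapping file (hypothetical format): inside prefix, global prefix.
SAMPLE_MAP = """\
10.1.1.0/24     192.0.2.0/24     # network-to-network static NAT
10.1.2.254/32   198.51.100.7/32  # single host
"""
HEX_LINE = re.compile(
    r"\.23\.1\.2\.1\.1\.4\.(\d+)\.\d+ = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){4})\s*$")

def parse_map(text):
    """Return (inside, global) network pairs, most specific rule first."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        inside, outside = (ipaddress.ip_network(p) for p in line.split())
        if inside.prefixlen != outside.prefixlen:
            raise ValueError(f"prefix lengths differ: {line}")
        rules.append((inside, outside))
    return sorted(rules, key=lambda r: r[0].prefixlen, reverse=True)

def translate(addr, rules):
    """Map an inside address to its global address, or None if no rule covers it."""
    for inside, outside in rules:
        if addr in inside:
            offset = int(addr) - int(inside.network_address)
            return str(ipaddress.ip_address(int(outside.network_address) + offset))
    return None

def neighbors_from_walk(walk, rules):
    """Yield (ifIndex, inside address, global address or None) per CDP neighbor."""
    out = []
    for line in walk.splitlines():
        m = HEX_LINE.search(line)
        if m:  # 4-octet values only, i.e. IPv4 neighbor addresses
            inside = ipaddress.ip_address(bytes.fromhex(m.group(2).replace(" ", "")))
            out.append((int(m.group(1)), str(inside), translate(inside, rules)))
    return out
```

Neighbors that come back with `None` as the global address have no NAT rule and cannot be reached from the management side, so they are the ones that still need manual handling.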
