LMS 3 - UT with Cisco PIX 506

Unanswered Question
May 17th, 2008
User Badges:


I have a problem with remote site and UT. The UT returns the correct MAC and port but no IP address.

It seems to IP resolution is done at the Router end.

The problem here is that the configuration is such:

Router---> PIX 506E--->Switch

The PIX 506E been the default gateway of the subnet, so I guess the UT cannot get the ip arp from PIX.

The PIX has been discovered and collected by CM.

Is there a work around ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Joe Clarke Sat, 05/17/2008 - 13:52
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The PIX, ASA, and FWSM devices are not supported by Campus Manager since they do not support CDP. therefore, you will not be able to get the ARP caches from these devices. What I've had luck with in my lab is setting up a sacrificial router on the same subnet as the PIX which does nothing but collect ARP entries. On this device, I disable IP routing, and set the ARP age timer to maximum. This isn't a perfect solution, but it does capture a lot of the ARP entries.

Joe Clarke Sat, 05/17/2008 - 13:54
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I should also add that if you leave IP routing enabled on the sacrificial router, and point all end hosts to this router as their default gateway (and configure the router to forward all its traffic to the PIX), then the ARP cache will be much more complete.

ashley_dew Sun, 05/18/2008 - 11:55
User Badges:

Yes, that is a good idea, however, the PIX is acting as VPN endpoint for a site to site VPN connection, so it is not possible.



ashley_dew Sun, 05/18/2008 - 11:58
User Badges:


I see you're point. Thx for the clarification.


This Discussion