MARS switch port up/down rule

Unanswered Question
Apr 5th, 2010
User Badges:

There is a rule in MARS which fired when any port in the switch go down and up, every day big number of incidents happening for this rule, but it dose not show me the source IP address it show only the destination IP address.


I need to know which user connect to that port.

And why the ports go up and down.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Tue, 04/06/2010 - 01:32
User Badges:
  • Cisco Employee,

You would need to look into the switch syslog itself. If the switch syslog messages are not showing you the reason, MARS will not show you the reason. MARS will only show you whatever the switch syslog shows, so if switch syslog does not show you the reason, MARS will not know the reason.

You would need to investigate the switch.


MARS just provides a central repository for all the syslog messages, and if there is something that you need to investigate, you would need to go physically to the switch to troubleshoot as per normal. MARS will not tell you information that the switch does not provide.

Mohammed Attif ... Tue, 04/06/2010 - 02:20
User Badges:

ok but what you think why the switch ports go up and down like this?

because every day many incident happen fro the same rule.

Jennifer Halim Tue, 04/06/2010 - 02:30
User Badges:
  • Cisco Employee,

What does the switch port connect to? To user's PC? if that is the case, maybe users are connecting and disconnecting the switch port / they connect in the morning when they come to the office, and disconnect the cable when they left.

Mykola Srebnyuk Tue, 04/06/2010 - 02:55
User Badges:

halijenn  is right.
All information MARS get from syslog message.
If syslog message from Switch dont contain information about what user are connected to port MARS dont help you.
If you have PC --->>>> 802.1x ---- Switch >>>> Radius Server USE logs from Radius server.
Or write custom parsers.
Mohammed Attif ... Wed, 06/30/2010 - 03:49
User Badges:

Ok can I see which user is connect to that port which go up/down, I mean is it possible that I can now the user IP address ???

Actions

This Discussion