Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
517
Views
0
Helpful
1
Replies

Dynamic UT in LMS 3.2 with catalyst 2950 issue

andrewswanson
Level 7
Level 7

‎04-09-2010 04:48 AM

Hello

using Ciscoworks 3.2

1. Campus Manager 5.2.1

2. CiscoView 6.1.9

3. CiscoWorks Assistant 1.2.0

4. CiscoWorks Common Services 3.3.0

5. Device Fault Manager 3.2.0

6. Integration Utility 1.9.0

7. LMS Portal 1.2.0

8. Resource Manager Essentials 4.3.1

had a look at getting Dynamic User Tracking working on our edge switches. works no problem on 2960 switches (using 122-52.SE IOS) - can't get it working on 2950 switches (tried a few IOS revs including latest). the snmp traps are sent ok by the 2950 and are received by LMS but they are dropped because of 'Security' - see below for macuhic.log and the UT debugging console. i've disabled "validate trap source" under Dynamic UT Config but the traps from the 2950s are still  dropped becuse the switch IP is 'illegal' (the 2950s and the 2960 are all managed ok by LMS). what does the LMS log mean by illegal?

thanks

andy

2950 Config

ip dhcp snooping

ip dhcp snooping vlan 101

no ip dhcp snooping information option

interface Gi0/1

description ** Uplink**

ip dhcp snooping trust

interface range fastethernet0/1 - 24

snmp trap mac-notification added

snmp trap mac-notification removed

snmp-server enable traps MAC-Notification

snmp-server host YYY.YYY.YYY.YYY ********* udp-port 1431 MAC-Notification

mac-address-table notification interval 15

mac-address-table notification

Dynamic UT Debugging Console ( where XXX.XXX.XXX.XXX is the management IP address of the 2950)

Security - Dropping trap, IP in pkt: XXX.XXX.XXX.XXX, IP in socket: XXX.XXX.XXX.XXX, lsType: 3

MACUHIC.log

( where XXX.XXX.XXX.XXX is the management IP address of the 2950)

2010/04/09 12:04:31 Thread-11 macuhic TRACE SocketListener: Data received from IPAddress: XXX.XXX.XXX.XXX,Packet Data: 3051020100040a6d61636e6f746966792ea440060a2b060104010909815702400492b065f9020106020

2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE Decoder: Mac Data Received from the device: XXX.XXX.XXX.XXXand entered into decode stage

2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE AsnObject: Entering isComStrCorrect():macnotify.

2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: community found:macnotify.

2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: both primary and secondary: allow all ipsXXX.XXX.XXX.XXX

2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: illegal IP:XXX.XXX.XXX.XXX

class com.cisco.nm.cm.ut.uhic.mac.AsnDecoder.AsnObject: CB-Error-errip: Security - Dropping trap, IP in pkt: XXX.XXX.XXX.XXX, IP in socket: XXX.XXX.XXX.XXX, lsType: 3

2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG Decoder: SnmpPdudeviceIP : null timeStamp : 0 Processed : false

2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE Decoder: Exiting decode

Decoder Stage: deviceIP : null timeStamp : 0 Processed : false

Labels:
0 Helpful
1 Reply 1

andrewswanson
Level 7
Level 7

‎04-09-2010 06:25 AM

working ok now - the changes i was making in "validate trap source" under Dynamic UT Config weren't having any effect. Rebooted server and now my switch IPs are 'legal' and dynamic UT working fine as well.

cheers

andy

0 Helpful
Customers Also Viewed These Support Documents