04-09-2010 04:48 AM
Hello
using Ciscoworks 3.2
1. Campus Manager 5.2.1
2. CiscoView 6.1.9
3. CiscoWorks Assistant 1.2.0
4. CiscoWorks Common Services 3.3.0
5. Device Fault Manager 3.2.0
6. Integration Utility 1.9.0
7. LMS Portal 1.2.0
8. Resource Manager Essentials 4.3.1
had a look at getting Dynamic User Tracking working on our edge switches. works no problem on 2960 switches (using 122-52.SE IOS) - can't get it working on 2950 switches (tried a few IOS revs including latest). the snmp traps are sent ok by the 2950 and are received by LMS but they are dropped because of 'Security' - see below for macuhic.log and the UT debugging console. i've disabled "validate trap source" under Dynamic UT Config but the traps from the 2950s are still dropped becuse the switch IP is 'illegal' (the 2950s and the 2960 are all managed ok by LMS). what does the LMS log mean by illegal?
thanks
andy
2950 Config
ip dhcp snooping
ip dhcp snooping vlan 101
no ip dhcp snooping information option
interface Gi0/1
description ** Uplink**
ip dhcp snooping trust
interface range fastethernet0/1 - 24
snmp trap mac-notification added
snmp trap mac-notification removed
snmp-server enable traps MAC-Notification
snmp-server host YYY.YYY.YYY.YYY ********* udp-port 1431 MAC-Notification
mac-address-table notification interval 15
mac-address-table notification
Dynamic UT Debugging Console ( where XXX.XXX.XXX.XXX is the management IP address of the 2950)
Security - Dropping trap, IP in pkt: XXX.XXX.XXX.XXX, IP in socket: XXX.XXX.XXX.XXX, lsType: 3
MACUHIC.log
( where XXX.XXX.XXX.XXX is the management IP address of the 2950)2010/04/09 12:04:31 Thread-11 macuhic TRACE SocketListener: Data received from IPAddress: XXX.XXX.XXX.XXX,Packet Data: 3051020100040a6d61636e6f746966792ea440060a2b060104010909815702400492b065f9020106020
2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE Decoder: Mac Data Received from the device: XXX.XXX.XXX.XXXand entered into decode stage
2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE AsnObject: Entering isComStrCorrect():macnotify.
2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: community found:macnotify.
2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: both primary and secondary: allow all ipsXXX.XXX.XXX.XXX
2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG AsnObject: illegal IP:XXX.XXX.XXX.XXX
class com.cisco.nm.cm.ut.uhic.mac.AsnDecoder.AsnObject: CB-Error-errip: Security - Dropping trap, IP in pkt: XXX.XXX.XXX.XXX, IP in socket: XXX.XXX.XXX.XXX, lsType: 3
2010/04/09 12:04:31 pool-1-thread-5 macuhic DEBUG Decoder: SnmpPdudeviceIP : null timeStamp : 0 Processed : false
2010/04/09 12:04:31 pool-1-thread-5 macuhic TRACE Decoder: Exiting decode
Decoder Stage: deviceIP : null timeStamp : 0 Processed : false
04-09-2010 06:25 AM
working ok now - the changes i was making in "validate trap source" under Dynamic UT Config weren't having any effect. Rebooted server and now my switch IPs are 'legal' and dynamic UT working fine as well.
cheers
andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide