CW LMS3.2 - Campus User Tracking

Answered Question
Aug 9th, 2010

Hi :-)


Topology: core switch 6509 as layer 2 with FWSM for layer 3

When I have done a User Tracking Acquisition and display an End Hosts Report, I can't see the IP addresses for the MACs.

Is it right that the CW LMS is getting this data from the layer 3 network device which has an ARP table of all these networks/devices?

How can I solve this problem?

Can I get this from the FWSM, and if so, how?


Regards Marcus

Joe Clarke Mon, 08/09/2010 - 21:33

Yes, UT gets the IP addresses from ARP tables of layer 3 devices (during acquisitions).  If Dynamic UT is enabled, IPs can also be obtained by polling the CISCO-DHCP-SNOOPING-MIB from switches.


Campus Manager does not support firewalls such as the FWSM.  You will need to use another layer 3 device (e.g. a router) to get the IPs.  What I have done in my lab is to point my servers to a shadow router which is just configured to redirect hosts to the real router.  This shadow router's only purpose is to learn ARP entries.  I then manage this router in Campus.  UT will use that router to get the ARP entries.

Marcus Hunold Thu, 08/12/2010 - 23:37

Hi Joseph,


thank you for your answer.


Can you explain what you mean by shadow router?

In my topology all networks (each has its own VLAN) are terminated on the FWSM. So all have a standard gateway to this firewall.

Joe Clarke Fri, 08/13/2010 - 00:22

In this case, a shadow router would be a router with an interface on each VLAN (or one trunk interface with subinterfaces for each VLAN).  The router's IPs would be the default gateway for all clients in each VLAN.  However, the router's next hop would be the FWSM.  The only thing this router would be doing would be caching ARP entries.  As an example, the FWSM has an interface IP such as 10.1.1.1.  The shadow router would be 10.1.1.2, and all clients in that VLAN would use 10.1.1.2 as their default gateway.


Yes, this does add complexity to the network, and it may not be a feasible solution in all cases.  However, since Campus does not support firewalls, this would be the only way for it to reliably learn ARP data for the end hosts.

Marcus Hunold Tue, 08/17/2010 - 06:14

Is this example not more insecure than terminating the subnet at the firewall!?

How do you separate the different subnets - with ACLs?

Correct Answer
Joe Clarke Tue, 08/17/2010 - 23:26

Yes, it will be with one router terminating multiple subnets.  In my lab, I have just the one subnet.  ACLs would allow you to keep traffic separate.  Again, this may not be a feasible solution for you.  But without some L3 device that Campus supports, you will not get the IPs and hostnames of your end hosts via UT acquisition.  You could still get IPs from DHCP snooping or UTLite, but those would not be resolved to hostnames.

Marcus Hunold Wed, 08/18/2010 - 06:28

I tried UTLite and it seems to be a good way to fill the list...


When it (utlite33) is started at logon, it stays open all day long and connects to the LMS every 10 minutes.

Is this timer hard coded in that exe?

Correct Answer
Joe Clarke Fri, 08/20/2010 - 21:40

No, 10 minutes is the default, but you can control this from the logon script. Just add the -sleep argument and specify a number of seconds to pause between updates.
