My customer uses an ASA firewall as a default gateway.
In the Supported Devices Table for Cisco Prime LAN Management Solution 4.1 I see:
The following features are not supported:
Network Topology Layer 2 Services
Now I realize that the user tracking needs to get an ARP table from this device to provide IP details to the user tracking reports.
Very simple, very straightforward. Not?
But it is a part of the "Network Topology Layer 2 Services".
This means it probably won't try to get the ARP table.... I guess my customer is out of luck here.
Now if the switch would have an IP address in that VLAN and have a 0.0.0.0 route to the firewall, could I set the default gateway to the switch's IP address and get the ARP table from the switch in user tracking?
Would there be another way to "fool" user tracking with a list of IP/MAC relations?
I know I can use the "End Host Table Import" feature but it will still leave the IP column empty.
I believe the solution of using an SVI on the switch as the default gateway is the most elegant solution / hack. I recall Joe Clarke recommended a similar solution with a one-armed router a while back.
One thought that comes to mind is would the customer lose any first hop redundancy (i.e., is the ASA part of an HA pair) and, if so, can you build it back in?
There are indeed 2 ASAs. I'm not sure about the redundancy setup, but if anything is to work for the end hosts if the primary ASA goes down, then the second ASA has to take the same IP address as the primary. End hosts are not smart about their default gateway.
So for my switch that would be the same as for the current end hosts.
The only thing I wonder about is whether user tracking will read the ARP cache from the switch. Will it think of the switch as a layer 3 device?
I don't know how UT works. I assumed that there would be a table with a list of known MAC and IP addresses, but I can't find it in the campus database.
If I were to do the user tracking, I would simply read the ARP cache from every device. I think I would drop any duplicate IP entries, deleting the entry with a Cisco OUI MAC address, and use the remaining ones to update my user tracking table.
I would love to be able to hack the UT and add a list of MAC/IP records from a source of my choice.
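The merge-and-dedupe approach sketched in the last reply (collect every device's ARP cache, and where an IP shows up twice drop the entry whose MAC carries a Cisco OUI), as an added example that is not code from the thread or from Cisco Prime LMS. The `show ip arp` output, device names and the one-entry OUI set are constructed for illustration; a real run would load the full IEEE OUI registry.

```python
import re
from collections import defaultdict

# Illustrative Cisco OUI set (assumption: load the full IEEE registry in practice).
# 00:00:0C is the long-standing Cisco Systems OUI.
CISCO_OUIS = {"00000c"}

# Constructed IOS "show ip arp" output from two devices (not from the original thread).
# The switch learned 10.1.1.30 via proxy ARP, so it holds the router's MAC for it.
ARP_SWITCH = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                -   0000.0c07.ac01  ARPA   Vlan10
Internet  10.1.1.20              12   001b.2150.aa01  ARPA   Vlan10
Internet  10.1.1.21               3   0050.56ab.cd01  ARPA   Vlan10
Internet  10.1.1.30               7   0000.0c9f.f001  ARPA   Vlan10
"""
ARP_ROUTER = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.20               5   001b.2150.aa01  ARPA   GigabitEthernet0/1
Internet  10.1.1.30               1   00e0.4c11.2233  ARPA   GigabitEthernet0/1
"""

ARP_LINE = re.compile(
    r"^Internet\s+(\S+)\s+(?:\d+|-)\s+"
    r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA\s+(\S+)"
)


def parse_show_ip_arp(text, device):
    """Turn one device's 'show ip arp' output into a list of ARP entries."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, mac, iface = m.groups()
            entries.append({"ip": ip, "mac": mac.lower(), "device": device, "interface": iface})
    return entries


def is_cisco_oui(mac):
    """OUI is the first 24 bits of the dotted IOS MAC form 'aabb.ccdd.eeff'."""
    return mac.replace(".", "")[:6] in CISCO_OUIS


def merge_arp_tables(*tables):
    """Merge ARP caches; for duplicate IPs prefer the entry whose MAC is not a Cisco OUI.
    If every candidate is Cisco (e.g. the gateway itself), keep the first one seen."""
    by_ip = defaultdict(list)
    for table in tables:
        for entry in table:
            by_ip[entry["ip"]].append(entry)
    merged = {}
    for ip, candidates in by_ip.items():
        preferred = [c for c in candidates if not is_cisco_oui(c["mac"])] or candidates
        merged[ip] = preferred[0]
    return merged
```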