CW LMS3.2 - Campus User Tracking

Marcus Hunold
Level 1

Hi :-)

Topology: core switch 6509 as layer 2 with FWSM for layer 3

When I have done a User Tracking Acquisition and display an End Hosts Report, I can't see the IP addresses for the MACs.

Is it right that the CW LMS is getting this data from the layer 3 network devices which have an ARP table of all these networks/devices?


How can I solve this problem?

Can I get this from the FWSM, and if so, how?

Regards Marcus


Joe Clarke
Cisco Employee

Yes, UT gets the IP addresses from ARP tables of layer 3 devices (during acquisitions).  If Dynamic UT is enabled, IPs can also be obtained by polling the CISCO-DHCP-SNOOPING-MIB from switches.

Campus Manager does not support firewalls such as the FWSM.  You will need to use another layer 3 device (e.g. a router) to get the IPs.  What I have done in my lab is to point my servers to a shadow router which is just configured to redirect hosts to the real router.  This shadow router's only purpose is to learn ARP entries.  I then manage this router in Campus.  UT will use that router to get the ARP entries.

Hi Joseph,

thank you for your answer.

Can you explain what you mean by shadow router?

In my topology all networks (each has its own VLAN) are terminated on the FWSM.

So all have a standard gateway to this firewall.

In this case, a shadow router would be a router with an interface on each VLAN (or one trunk interface with subinterfaces for each VLAN).  The router's IPs would be the default gateway for all clients in each VLAN.  However, the router's next hop would be the FWSM.  The only thing this router would be doing would be caching ARP entries.  As an example, the FWSM has an interface IP such as 10.1.1.1.  The shadow router would be 10.1.1.2, and all clients in that VLAN would use 10.1.1.2 as their default gateway.

Yes, this does add complexity to the network, and it may not be a feasible solution in all cases.  However, since Campus does not support firewalls, this would be the only way for it to reliably learn ARP data for the end hosts.

Is this example not more insecure than terminating the subnet at the firewall!?

How do you separate the different subnets - with ACLs?

Yes, it will be with one router terminating multiple subnets.  In my lab, I have just the one subnet.  ACLs would allow you to keep traffic separate.  Again, this may not be a feasible solution for you.  But without some L3 device that Campus supports, you will not get the IPs and hostnames of your end hosts via UT acquisition.  You could still get IPs from DHCP snooping or UTLite, but those would not be resolved to hostnames.

I tried UTLite and it seems to be a good way to fill the list...

When it (utlite33) is started at logon, it stays open all day long and connects to the LMS every 10 minutes.

Is this timer hard coded in that exe?

No, 10 minutes is the default, but you can control this from the logon script. Just add the -sleep argument and specify a number of seconds to pause between updates.
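
An added illustration, not part of the thread and not Campus Manager's own code, of why the End Hosts Report in the question lists MACs without IPs: switch-learned MAC entries only gain an IP when a polled layer 3 device holds a matching ARP entry. The tables are constructed samples in Cisco IOS "show" output style, and all function names are hypothetical.

```python
import re

# Constructed sample data (not from the thread): a switch MAC table and the
# ARP cache of a managed layer 3 device, in Cisco IOS "show" output style.
MAC_TABLE = """\
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  20    00aa.bbcc.dd01    DYNAMIC     Gi1/0/7
"""
ARP_TABLE = """\
Internet  10.1.1.20    12   0011.2233.4455  ARPA   Vlan10
Internet  10.1.1.21     -   0011.2233.4466  ARPA   Vlan10
Internet  10.1.1.99     0   Incomplete      ARPA
"""

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"


def parse_mac_table(text):
    """Return {mac: (vlan, port)} from layer 2 forwarding entries."""
    rows = re.findall(rf"^\s*(\d+)\s+({MAC_RE})\s+\S+\s+(\S+)\s*$", text, re.M | re.I)
    return {mac.lower(): (int(vlan), port) for vlan, mac, port in rows}


def parse_arp_table(text):
    """Return {mac: ip}; incomplete entries carry no MAC and are skipped."""
    rows = re.findall(rf"^Internet\s+(\S+)\s+\S+\s+({MAC_RE})\s", text, re.M | re.I)
    return {mac.lower(): ip for ip, mac in rows}


def end_hosts(mac_text, arp_text):
    """Join switch-learned MACs with ARP data; ip is None when no L3 source knows the MAC."""
    arp = parse_arp_table(arp_text)
    return [
        {"mac": mac, "vlan": vlan, "port": port, "ip": arp.get(mac)}
        for mac, (vlan, port) in sorted(parse_mac_table(mac_text).items())
    ]


if __name__ == "__main__":
    for host in end_hosts(MAC_TABLE, ARP_TABLE):
        print(host)
    # With no supported layer 3 device polled, every IP stays empty,
    # which is the report described in the question.
    print(end_hosts(MAC_TABLE, ""))
```

The VLAN 20 host stays unresolved because no polled ARP source covers its subnet, the same gap a shadow router or DHCP snooping data would fill.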
