Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ICMP polling from LMS

I have a customer who states he is seeing ping sweeps from the LMS server to unreachable addresses. The addresses are real addresses but unreachable due to firewall/VRF restrictions.

The ICMP addresses are not thought to be discovered IP addresses from the various device interfaces, so more of an auto discovery process.

However, the customer has gone through the process of excluding any non manageable subnets in CS under the discovery section. He has also unmanaged all interfaces which are unreachable via the bulk unmanage script.

Given he believes this is a ping sweep, is there any other LMS component that may perform a ping sweep?

I need to verify 100% this is a ping sweep and the exclusions are set up correctly so there is room for config error still.

Jed

3 REPLIES
Cisco Employee

Re: ICMP polling from LMS

Campus Manager User Tracking will ping sweep subnets to populate router ARP tables so that it can resolve MAC addresses to IP addresses. This can be disabled under Campus Manager > Administration > User Tracking > Acquisition > Ping Sweep.

New Member

Re: ICMP polling from LMS

Does it initiate the ping from the router itself then, or the LMS? Are you saying it runs a ping sweep from the router, pulls the ARP table data into a local store so it can then display mappings within CM?

If the ping sweep is from the LMS and it's not a local subnet I don't see the benefit as the local ARP table will not have much useful info. I guess CM could be clever and know that a ping sweep may cause a specific layer 3 device to route the ping and hence populate the layer 3 device table. I guess this is what is happening.

Does disabling the ping sweep have the side effect of reducing UT tracking functionality?

I'll get him to investigate this further as it sounds a possible candidate.

Thanks,

Jed

Cisco Employee

Re: ICMP polling from LMS

The ping sweep is run from the Campus Manager server. The point of the ping sweep is that hosts being swept will acknowledge the ping. That acknowledgment will cause their gateways to populate the end host's MAC/IP in their ARP tables. Then, when UT polls those router's ARP tables, it finds the MACs.

Not running a ping sweep can reduce the number of IP addresses on sees in UT. However, if the hosts are actively using IP, then chances are the ping sweep is overkill.

186
Views
0
Helpful
3
Replies
CreatePlease to create content