I have a customer who states he is seeing ping sweeps from the LMS server to unreachable addresses. The addresses are real addresses but unreachable due to firewall/VRF restrictions.
The ICMP addresses are not thought to be discovered IP addresses from the various device interfaces, so more of an auto discovery process.
However, the customer has gone through the process of excluding any non-manageable subnets in CS under the discovery section. He has also unmanaged all interfaces which are unreachable via the bulk unmanage script.
Given he believes this is a ping sweep, is there any other LMS component that may perform a ping sweep?
I need to verify 100% this is a ping sweep and the exclusions are set up correctly so there is room for config error still.
Campus Manager User Tracking will ping sweep subnets to populate router ARP tables so that it can resolve MAC addresses to IP addresses. This can be disabled under Campus Manager > Administration > User Tracking > Acquisition > Ping Sweep.
Does it initiate the ping from the router itself then, or the LMS? Are you saying it runs a ping sweep from the router, pulls the ARP table data into a local store so it can then display mappings within CM?
If the ping sweep is from the LMS and it's not a local subnet I don't see the benefit as the local ARP table will not have much useful info. I guess CM could be clever and know that a ping sweep may cause a specific layer 3 device to route the ping and hence populate the layer 3 device table. I guess this is what is happening.
Does disabling the ping sweep have the side effect of reducing UT tracking functionality?
I'll get him to investigate this further as it sounds a possible candidate.
The ping sweep is run from the Campus Manager server. The point of the ping sweep is that hosts being swept will acknowledge the ping. That acknowledgment will cause their gateways to populate the end host's MAC/IP in their ARP tables. Then, when UT polls those routers' ARP tables, it finds the MACs.
Not running a ping sweep can reduce the number of IP addresses one sees in UT. However, if the hosts are actively using IP, then chances are the ping sweep is overkill.
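
One way to confirm from firewall logs that the echo requests form a subnet sweep rather than polling of known interface addresses, as an added example that is not part of the thread. It assumes the logs have already been reduced to (source, destination) pairs for ICMP echo requests; the addresses, the /24 grouping and the 80% coverage threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source, destination) pairs for ICMP echo requests,
# as might be extracted from firewall deny logs. All addresses are made up.
SAMPLE = (
    [("10.0.0.5", f"10.20.30.{h}") for h in range(1, 255)]      # full /24 walk
    + [("10.0.0.5", "10.40.1.1"), ("10.0.0.5", "10.40.1.254")]  # two polled hosts
    + [("10.0.0.9", "10.20.30.7")]                              # unrelated source
)


def sweep_candidates(events, source, prefixlen=24, min_coverage=0.8):
    """Return {subnet: coverage} for subnets where `source` pinged at least
    `min_coverage` of the usable host addresses. Assumes prefixlen <= 30."""
    seen = defaultdict(set)
    for src, dst in events:
        if src != source:
            continue
        # Group each destination under its containing subnet.
        net = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
        seen[net].add(ipaddress.ip_address(dst))

    result = {}
    for net, hosts in seen.items():
        usable = net.num_addresses - 2  # exclude network and broadcast
        pinged = hosts - {net.network_address, net.broadcast_address}
        coverage = len(pinged) / usable
        # A sweep touches nearly every host address; device polling touches
        # only the handful of addresses learned from interfaces.
        if coverage >= min_coverage:
            result[str(net)] = round(coverage, 2)
    return result


if __name__ == "__main__":
    # Hypothetical LMS server address used in the constructed sample.
    for subnet, cov in sweep_candidates(SAMPLE, "10.0.0.5").items():
        print(f"{subnet}: {cov:.0%} of host addresses pinged")
```

Subnets that show up here and are also listed in the discovery exclusions point to a component other than discovery, such as the User Tracking ping sweep described above.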