
LMS 4.0.1 user tracking issue

p.imre
Level 1

Hi All,

I have an interesting problem at one of my customers. They are using LMS 4.0.1, but they have a problem with user tracking with SNMPv3. They are using a very simple SNMP configuration, which is the following:

access-list 80 permit x.x.x.x
snmp-server group SNMPV3GROUP v3 priv write SNMPV3_VIEW access 80
snmp-server view SNMPV3_VIEW iso included
snmp-server view SNMPV3_VIEW mib-2 included
snmp-server view SNMPV3_VIEW cisco included


User name: SNMPV3USER
Engine ID: 8000000903000014F2C38169
storage-type: nonvolatile        active access-list: 80
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: SNMPV3GROUP

snmp-server group SNMPV3GROUP v3 context vlan-X

Now they have UT working well for their Catalyst 4500 switches, and half of the 6500s (They have 2950 switches as well, but for those UT with SNMPv3 is unsupported). So the problem is the following: they have 12 6500 switches, with the same IOS version (10 pieces of WS-C6506-E + SUP720-3B IOS: 12.2(18)SXF17 (IP Services), 2 pieces of WS-C6506 + SUP720-BASE IOS: 12.2(18)SXF17 (IP Services)). They have identical SNMP configuration on both devices. Based on the logs from LMS it seems that on the problematic switches for some reason LMS identifies the switchports as routed:

==============Checking for Device==============
10.255.255.11 : INFO : The switch has been discovered by ANI Server.
IP : 10.255.255.11
Details :Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF17, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Comp

==============Checking for port Gi1/1==============
Gi1/1 : ERROR : ANI Server has discovered this port as a Routed port. Please run the UTDebug command only on ports connected to end hosts.

The config in the device as follows:

interface GigabitEthernet1/1
 switchport
 switchport access vlan 162
 switchport mode access
 no ip address
 no snmp trap link-status
 spanning-tree portfast
end

TOL_6506E_GT_COR_SW1#sh mac- | i Gi1/1
*  162  0050.5648.a765   dynamic  Yes          0   Gi1/1
TOL_6506E_GT_COR_SW1#sh ip arp vrf ebh | i 0050.5648.a765
Internet  10.222.224.129        122   0050.5648.a765  ARPA   Vlan162
TOL_6506E_GT_COR_SW1#

I didn't find any relevant bugs. Does anyone have any idea?

Thanks in advance,

Imre

5 Replies

Michel Hegeraat
Level 7

You must create a snmp context for every vlan that you want to get the mac tables from.

Cheers,

Michel
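
One way to check the point in the reply above against a saved running-config, as an added example that is not part of the original thread: the script lists access VLANs that have no matching `vlan-<id>` SNMPv3 context on any group. The sample config, the function names and the handling of the `match prefix` keyword (only present on IOS releases that support it) are assumptions of this example.

```python
import re

# Constructed sample running-config (not from the thread); VLANs and addresses are made up.
SAMPLE_CONFIG = """\
snmp-server group SNMPV3GROUP v3 priv write SNMPV3_VIEW access 80
snmp-server group SNMPV3GROUP v3 priv context vlan-162
!
interface GigabitEthernet1/1
 switchport access vlan 162
!
interface GigabitEthernet1/2
 switchport access vlan 163
!
interface GigabitEthernet1/3
 no switchport
 ip address 192.0.2.1 255.255.255.0
"""

# "snmp-server group <name> v3 [auth|noauth|priv] context <ctx> [match prefix]";
# the security level is optional here so the abbreviated form quoted in the thread matches too.
CONTEXT_RE = re.compile(r"^snmp-server group \S+ v3\b.*?\bcontext (\S+)( match prefix)?", re.M)

def vlan_contexts(config):
    """Return (exact context names, context prefixes) granted to SNMPv3 groups."""
    exact, prefixes = set(), set()
    for m in CONTEXT_RE.finditer(config):
        (prefixes if m.group(2) else exact).add(m.group(1))
    return exact, prefixes

def access_vlans(config):
    """Map interface name -> access VLAN for ports with 'switchport access vlan'."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            result[current] = int(m.group(1))
    return result

def missing_contexts(config):
    """Return {vlan: [interfaces]} for access VLANs with no matching vlan-<id> context."""
    exact, prefixes = vlan_contexts(config)
    missing = {}
    for ifname, vlan in access_vlans(config).items():
        ctx = f"vlan-{vlan}"
        if ctx not in exact and not any(ctx.startswith(p) for p in prefixes):
            missing.setdefault(vlan, []).append(ifname)
    return missing
```

Calling `missing_contexts()` on the text of a `show running-config` capture returns an empty dict when every access VLAN is covered; routed ports are ignored because they carry no `switchport access vlan` line.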

Michel,

Thanks for the answer. That was the first problem, which I already fixed with the customer. As you can see in my post, SNMP contexts are configured, both 6500s are configured in the same manner, but half of them produce UT data, the other half does not.

Regards,

Imre

From the switches where you have an issue, do you see MAC addresses in the UT switch report?

Do the endhosts on this switch have the same default gateway as the endhosts on the other switch?

Cheers,

Michel

Hi Michel,

No, there are no MAC addresses in the UT report of the problematic switches at all. Btw, on the switch itself the MACs are there with the sh mac address-table command, but as I wrote in my first post, for some reason the LMS thinks a switchport is a routed port. But I am unable to find any reason for what the problem can be.

Basic network connectivity must be good on all switches, because it is a working network, so I am sure that all the IP addressing, DFGW settings should be good.

Regards,

Imre

I'm not sure why Campus looks at that port as a routed port, but I ignore the errors in the campus ANI logs as there are too many of them even when everything works.

I always forget the OID (Google knows it), but you best try to do an SNMP walk of the MAC address table on the LMS server for a VLAN you are interested in, just to see if it can get it.

In CSCOpx\bin you find a snmpwalk.exe.

I'm not immediately sure why LMS would not be able to get that info via SNMP, but it does narrow down the root cause of your problem.

Cheers,

Michel