We have successfully installed ciscoworks LMS 3.0 in our network.
We are facing some problems related to Campus user tracking.
In our network FWSM is running with 'MSFC Outside' topology (meaning FWSM has default route set towards the MSFC and then the MSFC is going towards our Internet/WAN Routers. All our LAN subnets are in FWSM to process and protect our inside traffic.
In the Campus user tracking Acquisition setting we have selected (use DNS to resolve hostname, get user name from UNIX host, get username from NT and NDS domain).
We have no problem with DNS Settings for layer 2 and layer 3 devices, since we are able to ping these devices using their host-names. DFM is also able to do reverse-lookup while sending email alerts. All end-users also have a reverse-lookup zone configured in DNS.
If we use user tracking reports it is only displaying the mac address of the end-users and not their usernames, hostnames and ip address. I understand that the username part requires a script to be loaded on the domain controller. We will skip that for now, We checked the Supported device tables for LMS 3.0 Dec 2007 Update and it seems FWSM is not supported for 'User Tracking'. Currently all our IP/Mac mappings are present in the FWSM if the 'show arp' command is issued. The Core Switches (MSFC Outside) have no knowledge of the IP addresses of these devices as they are one L3 hop away and the core switch has a route pointing towards the FWSM to reach all these Internet LAN subnets.
As a result, in Campus Manager >> User Tracking >> Configuration Subnet acquisition setting, we are not getting our internal subnets only external network subnets are being displayed (Like the subnets between the MSFC/FWSM, between the MSFC/Routers etc. All other LAN subnets are not appearing.
How we can solve this problem so that we can track the all users using their IP addresses. Is there any future planned release in which FWSM will be supported for User Tracking? Or any workaround like making a custom Import file and importing this information? Or any other work-around.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...