Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
529
Views
0
Helpful
3
Replies

ICMP polling from LMS

jedellerby
Level 1
Level 1

‎03-26-2009 10:40 AM

I have a customer who states he is seeing ping sweeps from the LMS server to unreachable addresses. The addresses are real addresses but unreachable due to firewall/VRF restrictions.

The ICMP addresses are not thought to be discovered IP addresses from the various device interfaces, so more of an auto discovery process.

However, the customer has gone through the process of excluding any non manageable subnets in CS under the discovery section. He has also unmanaged all interfaces which are unreachable via the bulk unmanage script.

Given he believes this is a ping sweep, is there any other LMS component that may perform a ping sweep?

I need to verify 100% this is a ping sweep and the exclusions are set up correctly so there is room for config error still.

Jed

Labels:
0 Helpful
3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

‎03-26-2009 10:54 AM

Campus Manager User Tracking will ping sweep subnets to populate router ARP tables so that it can resolve MAC addresses to IP addresses. This can be disabled under Campus Manager > Administration > User Tracking > Acquisition > Ping Sweep.

0 Helpful

jedellerby
Level 1
Level 1
In response to Joe Clarke

‎03-27-2009 12:53 AM

Does it initiate the ping from the router itself then, or the LMS? Are you saying it runs a ping sweep from the router, pulls the ARP table data into a local store so it can then display mappings within CM?

If the ping sweep is from the LMS and it's not a local subnet I don't see the benefit as the local ARP table will not have much useful info. I guess CM could be clever and know that a ping sweep may cause a specific layer 3 device to route the ping and hence populate the layer 3 device table. I guess this is what is happening.

Does disabling the ping sweep have the side effect of reducing UT tracking functionality?

I'll get him to investigate this further as it sounds a possible candidate.

Thanks,

Jed

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to jedellerby

‎03-27-2009 09:17 AM

The ping sweep is run from the Campus Manager server. The point of the ping sweep is that hosts being swept will acknowledge the ping. That acknowledgment will cause their gateways to populate the end host's MAC/IP in their ARP tables. Then, when UT polls those router's ARP tables, it finds the MACs.

Not running a ping sweep can reduce the number of IP addresses on sees in UT. However, if the hosts are actively using IP, then chances are the ping sweep is overkill.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card