LMS 4.1 and Nexus 7k User Tracking

Marvin Rhoads · ‎09-02-2011

I am trying to determine why hosts off our Nexus 7010s are being picked up in UT. Since LMS 4.0.1, UT should be supported on these devices.

I did read in the documentation:

When adding the Nexus devices to DCR, provide the netadmin SNMP RO credential.

When other SNMP RO credential is provided, user tracking will not collect end host

data.

I think I have this setup correctly as the device center test passes when cehcking snmp ro credentials.

Our 7010s are running NX-OS 5.0(3) - earlier than the recommended version - might that cause issues? We are not using VRFs other than the default and management.

Here is my snmp section:

sh run | sec snmp

ip access-list copp-system-acl-snmp

10 permit udp any any eq snmp

20 permit udp any any eq snmptrap

match access-group name copp-system-acl-snmp

snmp-server contact <ourcontactinfo>

snmp-server location <ourlocation>

snmp-server user admin network-admin auth md5 0x6fbb56b2146c48702383681c53358eab priv 0x6fbb56b2146c48702383681

c53358eab localizedkey

snmp-server community <mypasspharase> group network-operator

snmp-server mib community-map <mypassphrase> context v·e

no snmp trap link-status

Joe Clarke · ‎09-03-2011

You need to be running NX-OS 5.1(1) for the proper MIB support for UT. Versions prior to that did not support the VTP-MIB.

Marvin Rhoads · ‎09-03-2011

Thanks, Joe. I was suspecting something along those lines.

It'll take a little while to get a change window for these core devices. I'll report back once we've rolled out an upgrade.

Michel Hegeraat · ‎09-04-2011

Joe,

Does it make any difference if the N7K is only used as an intervlan router, rather than as a switch?.

I would expect it to read other mibs (ARP cache) in that case.

Cheers,

Michel

Joe Clarke · ‎09-04-2011

UT maps MAC addresses to ports. If you're not using any layer 2 capabilities of the N7K, then you will not see users connected to it. However, if the N7K is forwarding layer 3 info, then UT can use it as a router for ARP entries.

Marvin Rhoads · ‎09-04-2011

I expect that in my situation - 5010 access and distribution switches with layer 2 services only and a 7010 core router providing gateway services and thus the ARP cache information - I will need the whole chain to have 5.1(1) or later to get an accurate picture of all the end hosts in that data center.

Joe Clarke · ‎09-04-2011

UT is not supported on the N5K series, only the N7K.

Marvin Rhoads · ‎09-04-2011

Ugh, that seems kind of silly. What's the rationale behind that lack of support?

I'd imagine most data center implementations have servers plugged into 5000 series (and their FEXes), not directly into the 7000 series cores.

Is this partial support also the reason why I am unable to create a new VLAN and deploy it to Nexus 5k's? I was really hoping to leverage our CiscoWorks for this, not dive into the DCNM tool.

Joe Clarke · ‎09-04-2011

The primary reason is lack of MIB support on the N5K. While the two platforms run NX-OS, the features between the two are not the same.

Marvin Rhoads · ‎09-04-2011

Which MIB in particular is lacking in the N5K?

I'll follow up separately with our account SE regarding roadmap plans for this feature set.

Joe Clarke · ‎09-04-2011

I believe its a combination of tables in MIBs like CISCO-VTP-MIB and CISCO-VLAN-MEMBERSHIP-MIB.

h.cloostermans · ‎03-19-2012

Does anyone know when (or in which LMS version) UT will be supported on the Nexus 5k series ?

Michel Hegeraat · ‎03-19-2012

As you can see in the thread if you read it, the NEXUS 5K does not support the mibs required for UT.

So I guess your current version might even support it as soon as the mibs start to work on the device and a device package update is done.

Cheers,

Michel