Re: LMS 4.2.2 User Tracking - IP resolving

Abel JULIAN · ‎12-10-2012

Hello,

I have made a fresh install of LMS 4.2.2 and I have a problem with the user Tracking.

My architecture :

A pair of 4500-X running Version 03.03.00.SG

10 stack of 2960-S running IOS : 12.2.55.SE5

The 4500-X are routing cores. Everything is running SNMP V3 and I have entererd the commands for each VLAN :

snmp-server group SDIS03-GP-RW v3 priv context vlan-x write SDIS03-V-RW

All equipments are seen correctly by LMS. My problem is the user Tracking does not show the IP Addresses, I only have the MACs. I suppose this is an issue with ARP Table of the 4500-X that are not dowloaded by LMS but I don't konw why.

I have seen several post on the forum for similar problems but it do not seems to resolv mine.

Thanks by advance for your ideas.

Regards,

Abel.

Michel Hegeraat · ‎12-10-2012

The ARP table must come from a router or a switch, being the default gateway of the end hosts.

Is the 4500 really the default gateway, or is it a 'card' in the 4500? like ACE or similar?

If so usertraking with IP/hostnames wont work. Cisco still has not come clean on this. :-(

Reading the ARP table from a security device must be very very complicated ???

Cheers,

Michel

Abel JULIAN · ‎12-10-2012

Hello Michel,

Thanks for your quick answer. I confirm that the default GW is the 4500 for all the 2960-S, moreover it is a 4500-X-32 version (1 U) so it does not have any linecard in it.

This device is young so maybe Cisco has not develop the right device package for the UT. I checked the compatibiliy matrix for this device on cisco.com and it is written that UT is supported so I don't know.

Thanks anyway,

Abel

Marvin Rhoads · ‎12-10-2012

It might be an issue with MIB support. I have a pair of 4500-X in a site managed by SolarWinds and I just checked them. the equivalent product (User Device Tracker) isn't picking up the ports on the 4500X.

If you have support on your LMS, I'd recommend opening a TAC case. Please report back here if you get any info.

This is a new box and I'll be interested to see them completely leveraged. I've already played with the built-in Wireshark a bit - very nice!

Michel Hegeraat · ‎12-10-2012

The info it should collect from your device is the equivalent to a 'show arp'

So if your 'show arp' shows the IP addresses of the devices then LMS should pick it up too.

Probably going via TAC and try to put it down as a bug (mention the zero day device support from the cisco marketing and ut support in the compatibiliy matrix) gives the quickest resolution.

Cheers,

Michel

Abel JULIAN · ‎12-10-2012

The "show arp" works fine.

I do not have the privileges ton open a TAC case but I will find someone who can.

I will complete this thread with theirs answer.

Thanks for your help guys,

Abel.

Marvin Rhoads · ‎12-11-2012

I found a reference on the LMS Supported Devices Table:

The following features are not supported:

VRF Lite, LANE Management, User Tracking, VLAN Management
Configuration Deploy Protocols: HTTPs
Configuration Fetch Protocols: HTTPs

I wonder if it's due to this fact (mentioned in the 4500-X IOS XE Release Notes):

The following features are not supported on a Catalyst 4500-X Series switches:

•CISCO-IETF-IP-FORWARD-MIB

•CISCO-IETF-IP-MIB

Abel JULIAN · ‎12-20-2012

Hello,

Cisco released new devices packages this week for the 4000 (I think because of VSS). I had installed them and now UT is working well

Thanks for your concerns,

Abel.

Marvin Rhoads · ‎12-20-2012

Interesting - I upgraded a pre-production pair of 4500X to that new IOS (cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin) and Solarwinds UDT is also picking up the ports.

Did you upgrade your IOS as well?

Abel JULIAN · ‎12-20-2012

Nope, not yet. It will be done the second week of january to use VSS.

I will gave you udpate on this last year