05-20-2005 03:35 AM - edited 03-09-2019 11:20 AM
I have a number of Catalyst 2950 switches that I manage with the Cisco Network Assistant (v 2.0). I can see all the switches inside the LAN but can't see any switches inside my DMZ or my point of entry switch outside the firewall.
Is there a way to configure my firewall so that I can see these switches with the Network Assistant?
Thanks, Ben
05-20-2005 04:27 AM
Hi,
Is your firewall a PIX??
CNA uses CDP to discover devices and CDP is not supported on the PIX.
Here is an excerpt from the release notes:
"PIX Firewalls do not support the Cisco Discovery Protocol, so they are not automatically shown as neighbors in the Topology view. They are shown only after you add them to a community by using a Create Community or Modify Community window. To see a PIX Firewall link to another community member, you must add the link manually by selecting Add Link in a Topology popup menu."
So the PIX won't pass CDP traffic through, hence your switches aren't being discovered. Try manually adding them:
Manually Adding Members
Network Assistant provides two ways to manually add devices to a community.
1. In the Create Community window, enter the IP address for the device that you want to add.
2. Click Add to Community.
The second way to manually add a device uses the Topology view:
1. If the Topology view does not appear, choose View > Topology from the feature bar.
2. Right-click a candidate icon, and select Add to Community.
Candidate device labels are cyan; member labels are green.
Rgds
Paddy
05-20-2005 05:38 AM
Thanks Paddy.
Yes, I have a PIX 515E.
I can see the PIX and add it to my community but I can't see or add the switches in my DMZ or outside the PIX.
I've even tried creating a new community with the DMZ switches but had no luck.
I suspect that's because the PIX won't pass CDP traffic and the workstation I'm using is inside the PIX but outside the DMZ.
I think I'll try installing CNA on a workstation in the DMZ and give that a shot.
Thanks for the help.
Ben
05-20-2005 06:33 AM
One more thing, are you allowing HTTP from your internal network to your DMZ, as CNA uses HTTP once it's discovered a device?
HTH
Paddy
05-20-2005 08:56 AM
Not specifically to the DMZ but I have several servers with both http and https access.
Ben