CW LMS3.2 - Campus User Tracking

MIBs, SNMPv1, SNMPv2, SNMPv3 and management

Post by Guest » Fri Jan 07, 2011 12:43 pm

Hi,

Topology: core switch 6509 as layer 2 with FWSM for layer 3.

When I have done a User Tracking Acquisition and let it show me an End Hosts Report, I can see the IP addresses for the MACs.

Is it right that the CW LMS is getting this data from the layer 3 network device which has an ARP table of all these networks/devices?

How can I solve this problem?

Can I get this from the FWSM, and if so, how?

Regards, Marcus

Guest
 


Re: CW LMS3.2 - Campus User Tracking

Post by Guest » Fri Jan 07, 2011 12:56 pm

Yes, UT gets the IP addresses from ARP tables of layer 3 devices (during acquisitions).  If Dynamic UT is enabled, IPs can also be obtained by polling the CISCO-DHCP-SNOOPING-MIB from switches.

 

Campus Manager does not support firewalls such as the FWSM.  You will need to use another layer 3 device (e.g. a router) to get the IPs.  What I have done in my lab is to point my servers to a shadow router which is just configured to redirect hosts to the real router.  This shadow router's only purpose is to learn ARP entries.  I then manage this router in Campus.  UT will use that router to get the ARP entries.

Guest
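
An illustration of the correlation described in the reply above, added here and not part of the original thread or of CiscoWorks itself: MAC-to-port data from a switch is joined with the ARP table of a layer 3 device, and a MAC for which no managed layer 3 device holds an ARP entry ends up in the report without an IP. The command output is constructed sample data in IOS style, and the function names are hypothetical.

```python
import re

# Constructed sample output in IOS "show ip arp" style from a layer 3 device
# (addresses follow the thread's 10.1.1.x example; the hosts are made up).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2                -   0000.0c07.ac01  ARPA   Vlan10
Internet  10.1.1.20               5   0011.2233.4455  ARPA   Vlan10
Internet  10.1.1.21              12   0011.2233.6677  ARPA   Vlan10
"""

# Constructed sample output in IOS "show mac address-table" style from a switch.
MAC_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    0011.2233.6677    DYNAMIC     Gi1/0/6
  20    00aa.bbcc.ddee    DYNAMIC     Gi1/0/9
"""

def norm_mac(mac):
    """Reduce any common MAC notation to bare lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {mac: ip} for every complete 'Internet' row of the ARP table."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "Internet":
            table[norm_mac(f[3])] = f[1]
    return table

def parse_mac_table(text):
    """Return [(vlan, mac, port)] for every dynamically learned entry."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].isdigit() and f[2].upper() == "DYNAMIC":
            rows.append((int(f[0]), norm_mac(f[1]), f[3]))
    return rows

def end_hosts(arp_text, mac_text):
    """Join switch-port data with ARP data; ip is None if no ARP entry exists."""
    arp = parse_arp(arp_text)
    return [{"vlan": v, "mac": m, "port": p, "ip": arp.get(m)}
            for v, m, p in parse_mac_table(mac_text)]
```

The VLAN 20 host in the sample has no ARP entry on the polled device, so its row carries `ip: None`, which is the situation when the only layer 3 hop is a device the tool cannot query.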
 

Re: CW LMS3.2 - Campus User Tracking

Post by Guest » Fri Jan 07, 2011 1:26 pm

Hi Joseph,

Thank you for your answer.

Can you explain what you mean by shadow router?

In my topology all networks (each has its own VLAN) are terminated on the FWSM. So all have a standard gateway to this firewall.

Guest
 

Re: CW LMS3.2 - Campus User Tracking

Post by Guest » Fri Jan 07, 2011 2:31 pm

In this case, a shadow router would be a router with an interface on each VLAN (or one trunk interface with subinterfaces for each VLAN).  The router's IPs would be the default gateway for all clients in each VLAN.  However, the router's next hop would be the FWSM.  The only thing this router would be doing would be caching ARP entries.  As an example, the FWSM has an interface IP such as 10.1.1.1.  The shadow router would be 10.1.1.2, and all clients in that VLAN would use 10.1.1.2 as their default gateway.

 

Yes, this does add complexity to the network, and it may not be a feasible solution in all cases.  However, since Campus does not support firewalls, this would be the only way for it to reliably learn ARP data for the end hosts.

Guest
 

Re: CW LMS3.2 - Campus User Tracking

Post by Guest » Fri Jan 07, 2011 3:13 pm

Is this example not more insecure than terminating the subnet at the firewall!?

How do you separate the different subnets - with ACLs?

Guest
 
