VLAN 515 is a VLAN behind the ASA firewall.
If I look at "Switchports on a VLAN ID" I see VLAN, IP and name.
If I try "Devices in ARP Table by VLAN ID" I get 'No ARP entries on VLAN 515'.
If I look at "Device by IP,MAC or hostname" for that subnet I see no VLAN.
I look at "Device by IP,MAC or hostname" for a specific IP in that VLAN/subnet and see that under "ARP Table" the VLAN entry is blank, but under "Switchport History" it is correctly populated.
From this it looks like the ARP table from the firewall is not getting read/imported properly.
Help?
I must say, this is great! Two days in and I have access to a ton of information that I did not have easy access to before.
Gene,
Sorry I didn't get back sooner, I've been quite sick the past few days and am trying to catch up.
It sounds like your issue is related to the ASA scraper not mapping the VLAN names to the VLAN IDs. I don't deal with ASAs much but I have solved this issue for others in the past. Internally ASAs show the ARP tables and associated VLAN names and there's another command to map the names to VLAN IDs.
Try running this command on your ASA to make sure it's still current:
show nameif
Then try running the scraper in debug mode and look for the messages about mapping the VLAN name to VLAN ID:
/opt/netdb/netdbscraper/asascraper.pl -d asahost.domain.com,arp -oa /tmp/arp.txt -debug 2
You should see some output from here, if not let me know:
If not something is broken with the name to ID mapping, maybe get me the output of the show nameif command above and I'll take a look.
Jonathan
The output from "show nameif" looks like this:
Interface            Name       Security
Port-channel3.500    VLAN500    99
Port-channel3.501    VLAN501    99
Port-channel3.502    VLaN502    99
Port-channel3.503    VLAN503    99
I saw no output from the command you suggested, but:
gmosley@ubuntuvm:~$ more /tmp/arp.txt | wc
2504 2504 105172
The entries in the file look like this:
[IP ADDRESS],[MAC ADDRESS xxxx.xxxx.xxxx],[SOME NUMBER],[VLAN NAME VLAN500]
The 3rd field seems to be the same or different for lines showing entries in the same VLAN.
Is the problem due to the fact we use sub-interfaces for each VLAN?
Excerpt from /tmp/arp.txt:
XXX.YYY.ZZZ.26,0013.72xx.yyyy,34,VLAN500
XXX.YYY.ZZZ.70,00a0.b8xx.yyyy,80,VLAN500
XXX.YYY.ZZZ.71,0005.1exx.yyyy,1010,VLAN500
It is correctly seeing the IP address and the VLAN name (and I am assuming the MAC is correct but have not checked). I am not sure what the 3rd field specifies?
Last edit: Gene Mosley 2014-02-03
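The name-to-ID mapping Jonathan describes above, worked through as an added example in Python. This is illustration only, not the project's asascraper.pl (which is Perl). It takes a constructed "show nameif" listing in the layout Gene posted and a constructed arp.txt in the four-field format he shows (IP, MAC, number, nameif), derives the VLAN ID from the sub-interface suffix (Port-channel3.500 -> 500) or, as an assumed extra case not in the thread, from an SVI name (Vlan515 -> 515), and rewrites the fourth column to the numeric ID. Names that cannot be mapped (a physical interface such as "outside") are reported rather than written out with a blank VLAN, which is the symptom behind 'No ARP entries on VLAN 515'. IP addresses and MACs are made-up documentation values; the third field is carried through unchanged (on an ASA, the last column of "show arp" is the entry age in seconds).

```python
import csv
import io
import re

# Constructed sample of "show nameif" output, modelled on the post above.
# The "outside" and "Vlan515" rows are assumptions added to exercise edge cases.
NAMEIF_OUTPUT = """\
Interface                Name        Security
Port-channel3.500        VLAN500     99
Port-channel3.501        VLAN501     99
Port-channel3.502        VLaN502     99
Port-channel3.503        VLAN503     99
GigabitEthernet0/0       outside     0
Vlan515                  dmz         50
"""

# Constructed ARP rows in the scraper's intermediate format: ip,mac,age,nameif
ARP_CSV = """\
192.0.2.26,0013.72aa.bbbb,34,VLAN500
192.0.2.70,00a0.b8aa.bbbb,80,VLAN500
192.0.2.71,0005.1eaa.bbbb,1010,VLaN502
198.51.100.9,0000.5e00.5301,12,dmz
203.0.113.4,0000.5e00.5302,5,outside
"""

# Sub-interface: anything like Port-channel3.500 or GigabitEthernet0/1.10
SUBIF_RE = re.compile(r"^[A-Za-z][\w/-]*\.(\d{1,4})$")
# SVI-style interface name: Vlan515 (assumed form, not shown in the thread)
SVI_RE = re.compile(r"^Vlan(\d{1,4})$", re.IGNORECASE)


def parse_nameif(text):
    """Return {nameif.lower(): vlan_id} for every interface whose VLAN ID
    can be derived from the interface name. Interfaces with no derivable
    VLAN (plain physical ports) are skipped. Keys are lower-cased because
    nameif is free text and the posted output mixes case (VLaN502)."""
    mapping = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "Interface":
            continue  # blank line or column header
        iface, name = parts[0], parts[1]
        m = SUBIF_RE.match(iface) or SVI_RE.match(iface)
        if not m:
            continue
        vid = int(m.group(1))
        if 1 <= vid <= 4094:  # only accept a valid 802.1Q VLAN ID
            mapping[name.lower()] = vid
    return mapping


def map_arp_vlans(arp_csv, name_to_vid):
    """Replace the nameif in column 4 with its VLAN ID.

    Returns (rows, unmapped): rows as (ip, mac, age, vlan_id) tuples, and the
    set of nameif values that had no VLAN ID so they can be logged instead of
    being imported with an empty VLAN."""
    rows, unmapped = [], set()
    for ip, mac, age, name in csv.reader(io.StringIO(arp_csv)):
        vid = name_to_vid.get(name.lower())
        if vid is None:
            unmapped.add(name)
            continue
        rows.append((ip, mac, age, vid))
    return rows, unmapped


if __name__ == "__main__":
    names = parse_nameif(NAMEIF_OUTPUT)
    mapped, missing = map_arp_vlans(ARP_CSV, names)
    for row in mapped:
        print(",".join(str(f) for f in row))
    if missing:
        print("no VLAN ID for nameif:", ", ".join(sorted(missing)))
```

Running it prints the four mappable ARP rows with numeric VLAN IDs and one line reporting that "outside" has no VLAN ID; that explicit report is the check a scraper should emit in debug mode, since a silent blank in the VLAN column is exactly what produced the empty "Devices in ARP Table by VLAN ID" result in this thread.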
Gene,
I definitely think it has something to do with the port-channel configuration, and I'm surprised I haven't run into it before. Based on the above output I did my best to come up with a fix. Please run this version again in debug mode as above and see if the issue is resolved.
https://sourceforge.net/p/netdbtracking/code/HEAD/tree/trunk/netdbscraper/asascraper.pl
Thanks
Running the updated asascraper it did map VLAN names to VLAN numbers!
I changed this part of the new asascraper.pl:
(I removed "lines", not needed or working on my ASA)
ASA5585 with this OS:
Cisco Adaptive Security Appliance Software Version 8.4(5)
Device Manager Version 7.1(2)
Hey,
So I added both terminal pager commands to the scraper; this must have changed in newer versions. Good to hear the VLAN mapping worked. Also, the lines you removed, were they causing you problems or just not needed? I want to put together the best scraper I can since I don't get a chance to test this often.
Thanks
I meant I removed the word "lines" ... here is a diff of the new and old scrapers:
The word "lines" in the pager command was causing an error, so I removed it.
Gene,
I've revamped some of the ASA login code and have tested it in my environment to clear up a few issues, but I was wondering if you could test with this new version as well to make sure no issues come up. If you could, save a copy of your existing asascraper.pl, replace it with this one and make sure everything is still working.
https://sourceforge.net/p/netdbtracking/code/618/tree/trunk/netdbscraper/asascraper.pl?format=raw
Thanks a lot,
Jonathan
Ah I got you now. I'm just going to run both commands for now since it seems different ASA versions need different commands for some reason.
As far as work on the IBM scraper I'll try to make some more progress tomorrow, but it shouldn't be much trouble from here.