
Firewall

I believe this product will not work if the host is running a personal firewall. Am I correct?

Since it uses ping and SNMP.

I believe half our users are running them and it would not give us an accurate report.

  • I suppose that depends on the FW and your company's current FW policy - are you using CSA or some other centrally managed product?

  • If both are blocked by the firewall, then you could manually manage the IP if you wish. If only SNMP is blocked, we could tell you something resides at that IP, but none of the system details.

  • Afraid not, it's the wild west EDU world. What would be nice, and I have yet to find what I am looking for, is a product to pull the ARP info out of a router MAC table, then log it to a database. That would give the most accurate info rather than trying to poll or scan a network.

  • Understood, I have that already logged in the system as an enhancement request.

  • Boy, if you could get that to work let me know. Then if it could be put into the report form that you have, you would be rockin'. Good luck, keep us informed. BF

  • ?? Do you mean switch ??

    A router's ARP table is only going to have entries for connected networks. The rest relies on routing updates or statics when forwarding packets.

    A switch will only have L3 ARP entries if it's a layer 3 switch configured with an SVI for the segment you wish to pull info from. Otherwise a layer 2 switch's ARP table is null but its mac-address table is stuffed (obviously).

  • In our environment I would say Router. We are only looking in a few areas, say 3 or 4 routers. We have half a class B, from there divided into many VLANs. You should be able to filter out all the networks that you don't care about. We do not have layer 3 switches on all of our networks. Even with a layer 3 switch you would still need a subnet interface on that switch. If you have many different VLANs I would believe you would need a routed IP interface to get the information you would need for each VLAN. We have almost 200 VLANs. If it was a smaller environment a layer 3 switch would work fine as long as the subnet you are looking at has a routed interface on that switch. I could see it would be nice in a layer 3 switch also.

  • Hi there,

    Need help. I can't seem to get the NetFlow info from my router behind the firewall. The router at the back of the NTU is a Cisco 2800, and at the back of the router is an ASA firewall.

    I have checked the security configuration of the ASA firewall, which would allow 2055, and still nothing.

    I have scanned the logs of both firewalls and there is no 2055 or anything that would pick up the NetFlow from the 2800. Thanks in advance.

  • Sincerest apologies for hijacking this thread further. As it relates to the IPAM app, I just don't see how the app scanning a router's or switch's ARP table is the right direction to go. ICMP and SNMP are much more appropriate.

    "Even with a layer 3 switch you would still need a subnet interface on that switch. If you have many different VLANs I would believe you would need a routed IP interface to get the information you would need for each VLAN."

    You don't. Switches not configured to route packets broadcast to forward packets off a particular broadcast domain. This is the basic function of a switch - packet forwarding.

    Brford, the moment you put an IP address (SVI, a.k.a. subnet interface, other than a management IP) on a switch, enable it and ip routing, and then pass traffic to it as an end point, it becomes a layer 3 switch. For no other fact than that the switch is now dealing with information at the IP layer. It is no longer broadcasting to resolve traffic to an L3 device for routing off a particular broadcast domain, it is now routing packets because it is functioning at layer 3. It will forward packets as needed to another layer 3 device based on the routing tables installed on the switch via IGP, or static entries.

    Layer two switches with L3 management IPs will still perform the layer 2 function of forwarding packets outside a particular broadcast domain without ever having made an ARP entry, because they are not functioning at the IP layer, they are functioning at the data-link layer. A layer 2 switch will perform no routing whatsoever. A layer 2 switch will have an ip default-gateway configured to reach its management interface - otherwise, it simply broadcasts out each of its configured interfaces looking for where to forward a packet.

    Routers only have ARP tables for connected networks.

    Unless I'm completely confused, I would humbly disagree with the suggestion that IPAM pulling ARP tables is more accurate than an ICMP/SNMP scan of a given subnet.
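    The "pull the ARP table and log it to a database" idea from earlier in the thread, and the objection just above that a router's ARP table only covers what it has actually resolved on connected networks, can both be seen in a small prototype. The following is an added example, not code from this thread or from the IPAM product: it parses constructed text in the Cisco IOS `show ip arp` and `show mac address-table` formats (the sample outputs are made up, not captured from real devices), stores both tables in SQLite, and joins them on MAC address. The join also surfaces MACs the switch has learned that the router never resolved, which is exactly what an ARP-only inventory would miss. On real gear the same two tables are reachable read-only via SNMP (ipNetToMediaTable on the router, dot1dTpFdbTable on the switch); only the text-scraping front end is assumed here.

    ```python
    import re
    import sqlite3

    # Constructed sample of Cisco IOS "show ip arp" output (not from a real device).
    # Age "-" marks the router's own interface addresses.
    ROUTER_ARP = """\
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.10.1.1               -   0011.2233.4455  ARPA   GigabitEthernet0/0.10
    Internet  10.10.1.25             12   aabb.cc00.1001  ARPA   GigabitEthernet0/0.10
    Internet  10.10.1.37              3   aabb.cc00.1002  ARPA   GigabitEthernet0/0.10
    Internet  10.10.2.1               -   0011.2233.4466  ARPA   GigabitEthernet0/0.20
    Internet  10.10.2.40            118   aabb.cc00.2001  ARPA   GigabitEthernet0/0.20
    """

    # Constructed sample of Cisco IOS "show mac address-table" output from a layer 2 switch.
    SWITCH_MAC = """\
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
      10    aabb.cc00.1001    DYNAMIC     Fa0/3
      10    aabb.cc00.1002    DYNAMIC     Fa0/7
      20    aabb.cc00.2001    DYNAMIC     Fa0/12
      20    aabb.cc00.2099    DYNAMIC     Fa0/13
    Total Mac Addresses for this criterion: 4
    """

    MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    ARP_RE = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+" + MAC + r"\s+ARPA\s+(\S+)", re.I)
    MAC_RE = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+(\w+)\s+(\S+)", re.I)


    def parse_arp(text):
        """Return ARP entries as dicts; age_min is None for the router's own interfaces."""
        entries = []
        for line in text.splitlines():
            m = ARP_RE.match(line)
            if m:
                ip, age, mac, iface = m.groups()
                entries.append({"ip": ip, "mac": mac.lower(),
                                "age_min": None if age == "-" else int(age),
                                "interface": iface})
        return entries


    def parse_mac_table(text):
        """Return (vlan, mac, port) tuples from a MAC address table listing."""
        rows = []
        for line in text.splitlines():
            m = MAC_RE.match(line)
            if m:
                vlan, mac, _entry_type, port = m.groups()
                rows.append((int(vlan), mac.lower(), port))
        return rows


    def build_inventory(arp_text, mac_text, db_path=":memory:"):
        """Load both tables into SQLite and join them on MAC address.

        Returns (hosts, mac_only): hosts are (ip, mac, vlan, port) rows for every
        learned ARP entry; mac_only lists (vlan, mac, port) rows the switch has
        seen but the router never resolved, i.e. what an ARP-only scan misses.
        """
        conn = sqlite3.connect(db_path)
        conn.execute("CREATE TABLE IF NOT EXISTS arp("
                     "ip TEXT, mac TEXT, age_min INTEGER, interface TEXT, PRIMARY KEY(ip, mac))")
        conn.execute("CREATE TABLE IF NOT EXISTS mac_port("
                     "vlan INTEGER, mac TEXT, port TEXT, PRIMARY KEY(vlan, mac))")
        conn.executemany("INSERT OR REPLACE INTO arp VALUES (?, ?, ?, ?)",
                         [(e["ip"], e["mac"], e["age_min"], e["interface"])
                          for e in parse_arp(arp_text)])
        conn.executemany("INSERT OR REPLACE INTO mac_port VALUES (?, ?, ?)",
                         parse_mac_table(mac_text))
        conn.commit()
        # Skip the router's own interfaces (age NULL); join hosts to the switch port they sit on.
        hosts = conn.execute(
            "SELECT a.ip, a.mac, m.vlan, m.port FROM arp a "
            "LEFT JOIN mac_port m ON a.mac = m.mac "
            "WHERE a.age_min IS NOT NULL ORDER BY a.ip").fetchall()
        # MACs the switch knows but no ARP entry exists for.
        mac_only = conn.execute(
            "SELECT m.vlan, m.mac, m.port FROM mac_port m "
            "LEFT JOIN arp a ON a.mac = m.mac WHERE a.mac IS NULL ORDER BY m.mac").fetchall()
        conn.close()
        return hosts, mac_only


    if __name__ == "__main__":
        hosts, mac_only = build_inventory(ROUTER_ARP, SWITCH_MAC)
        for ip, mac, vlan, port in hosts:
            print(f"{ip:<14} {mac}  vlan={vlan} port={port}")
        for vlan, mac, port in mac_only:
            print(f"(no ARP entry)  {mac}  vlan={vlan} port={port}")
    ```

    Run as-is it reports three hosts with IP, MAC, VLAN and switch port, plus one MAC (aabb.cc00.2099 on Fa0/13) that the switch has learned but the router has no ARP entry for. That last row is the practical caveat behind the ICMP/SNMP argument above: an ARP dump only shows hosts the router has had reason to resolve, so a station that has only talked within its own VLAN is invisible to it, while the switch's MAC table still sees it. Passing a file path instead of `":memory:"` keeps the tables on disk so repeated collections accumulate.
    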

  • Robert,

    Email me - I should be able to assist.

    :)