IPAM 4.2 has neighbor discovery, but no mention of specific platforms. They mention specific SNMP OIDs in the online manual:
"IPAM IPv6 address discovery is based on the NDP protocol and information is obtained from routers based on the following MIBs / OIDs:
IPv6 MIB, OID 184.108.40.206.220.127.116.11.12.1.2 (ipv6NetToMediaTablePhysicalAddress)
IP MIB, OID 18.104.22.168.22.214.171.124 (ipNetToPhysicalTable)
ipv6NetToMediaValid - 126.96.36.199.188.8.131.52.12.1.6
Cisco proprietary CISCO-IETF-IP-MIB , OID 184.108.40.206.220.127.116.11.18.104.22.168 (cInetNetToMediaTable)
Note: For troubleshooting purposes verify the device OIDs with those listed above."
The manual is not clear whether ALL of the OIDs are necessary or just some of them. The results of my testing against a 5585 running V9.1(1)4, using Engineer's Toolset SolarWinds MIB Viewer version 22.214.171.124:
126.96.36.199.188.8.131.52.12.1.2 IPV6-MIB ipv6NetToMediaPhysAddress **unsupported OID**
184.108.40.206.220.127.116.11 IP-FORWARD-MIB ip.35 **unsupported OID**
18.104.22.168.22.214.171.124.12.1.6 IPV6-MIB ipv6NetToMediaPhysAddress **unsupported OID**
126.96.36.199.188.8.131.52.184.108.40.206 cInetToMediaTable is not supported on <device name>
So I searched Cisco's MIB FTP site:
They do list RFC1213-MIB.my for the ASA, but any attempt to get anything from ipNetToMediaTable 220.127.116.11.18.104.22.168 fails.
So I see only a few possibilities:
1. The ASA is so new that despite having at least a dozen of the most brilliant people working on it, Cisco has not been able to fix this problem in over 10 years. But it's still new, so please be patient.
2. Cisco does not want you poking into their ASAs for any useful information like this. Go away. Be happy you have interface statistics.
3. There is some equivalent OID, carefully hidden under an obscure name devised by federal agents who are trying their best to protect the security of the free world.
The link below is not authoritative, and is well hidden in an unlikely place given how serious managing security devices is, but it supports possibility #2 above:
So the DMZ will remain the darkest, least documented network segment in the Enterprise.
We are considering adding an L3 interface on our DMZ switches so that we can implement RA Guard, which ASA also does not support. We might get our neighbor table that way. I'm sure this is a problem all over the world as more and more people roll (stumble?) out IPv6.