4 Replies Latest reply on Jun 7, 2016 8:15 AM by chris.engstrom

    ARP from Devices that don't allow SNMP Polling

    rosie

      Long-time reader, first time poster.


      In an attempt to create a single pane of glass within UDT, I am running into a problem with our router/firewall. There is no option to poll the ARP table via SNMP. I have access to the database and have looked at several tables and was wondering if anyone has used the SDK or created a homebrew solution to push IP/MAC into the UDT_EndpointIP table, and if so, does anyone know if the UDT_IPAddressCurrent/History tables need to be updated as well, or is that information updated from within the already existing framework of the UDT product?


      I'm ready to back things up and start testing but was hoping that someone has already invented the wheel and that I could stand on their shoulders.


      The other option I've looked at is to take a spare device and manually populate the ARP table using Perl and API calls to the router to get the current data.


      Thanks,


      Rosie


      P.S. If I should post this elsewhere please let me know.

        • Re: ARP from Devices that don't allow SNMP Polling
          mrs.alterego

          Hi rosie - I've moved this under User Device Tracker Forum so that you'll get some good eyes on it from those who have experience with this product, including the Product Manager. :-)

          • Re: ARP from Devices that don't allow SNMP Polling
            dusk2dusk

            Hi Rosie. I have no direct solution for you. I am not a DBA or programmer of XML or anything of that ilk to be able to solve this, but I can provide what we did at my company, and it works fairly well. We moved from Juniper ScreenOS-based firewalls, which allow ARP table polling via SNMP, to Palo Alto firewalls, which do not. We decided to redeploy the Junipers in every VLAN/Subinterface/Zone and scripted a simple Expect script to log in to the Juniper via SSH and poll every IP in the subnets every 30 minutes, and set ARP age to 90 minutes. Adding the Juniper to UDT, this provides us with all the ARP table info we need for the switchports. While less than ideal, it's a way around a device that can't do an SNMP ARP table. You could probably get some very cheap older Cisco router and interface it on all your VLANs. Pick any simple device that provides this info via SNMP and you could make it work. I can provide the Expect script for anyone that needs it.
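The sweep-to-populate trick dusk2dusk describes, as an added example that is not dusk2dusk's Expect script and not SolarWinds code. It assumes the spare device is a Linux host (POSIX sh, iproute2 `ip`, a `ping` that accepts `-c`/`-W`) with an interface on each VLAN you care about; pinging every address in a subnet makes the host's neighbor (ARP) table fill up, and that host is then the thing UDT polls over SNMP. The CIDR expansion is pure shell arithmetic so it runs on a minimal box.

```shell
#!/bin/sh
# Added example: ping sweep to populate a Linux host's neighbor (ARP) table.
# Assumptions (not from the original thread): POSIX sh, iproute2 'ip', and a
# 'ping' that understands -c (count) and -W (timeout in seconds).

# Expand an IPv4 CIDR (prefix /8 .. /30) into its usable host addresses,
# one per line. /31 and /32 have no "usable hosts" in this sense and are rejected.
cidr_hosts() {
    cidr=$1
    ip=${cidr%/*}
    prefix=${cidr#*/}
    case $prefix in
        ''|*[!0-9]*) echo "bad prefix: $cidr" >&2; return 1 ;;
    esac
    [ "$prefix" -ge 8 ] && [ "$prefix" -le 30 ] || { echo "unsupported prefix: $cidr" >&2; return 1; }
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $cidr" >&2; return 1; }
    base=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    hostmask=$(( (1 << (32 - prefix)) - 1 ))   # the host bits that vary inside the subnet
    net=$(( base - (base & hostmask) ))         # network address: base with host bits cleared
    bcast=$(( net + hostmask ))                 # broadcast address: all host bits set
    i=$(( net + 1 ))
    while [ "$i" -lt "$bcast" ]; do
        printf '%d.%d.%d.%d\n' $(( (i >> 24) & 255 )) $(( (i >> 16) & 255 )) $(( (i >> 8) & 255 )) $(( i & 255 ))
        i=$(( i + 1 ))
    done
}

# Ping every host once, in parallel. Hosts that drop ICMP still tend to answer the
# ARP request that precedes the ping, and that ARP reply is what lands in the table.
sweep_subnet() {
    cidr_hosts "$1" | {
        while read -r host; do
            ping -c 1 -W 1 "$host" >/dev/null 2>&1 </dev/null &
        done
        wait
    }
}

# Print "ip mac" for every neighbor entry that currently carries a MAC address.
# This is the same IP-to-MAC data UDT would read from a device's ARP table via SNMP.
arp_table() {
    ip -4 neigh show | awk '{ for (i = 1; i <= NF; i++) if ($i == "lladdr") print $1, $(i + 1) }'
}

# Usage: ./sweep.sh 10.1.2.0/24   (only runs when an argument that looks like a CIDR is given)
case ${1-} in
    */*) sweep_subnet "$1"; arp_table ;;
esac
```

Run it from cron every 30 minutes, one line per VLAN, to match the cadence in the post above. The Linux analogue of the "ARP age" setting is the kernel's neighbor garbage collection (`net.ipv4.neigh.default.gc_stale_time`, in seconds); raise it if you want entries to survive between sweeps rather than ageing out in the default 60 seconds.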

            • Re: ARP from Devices that don't allow SNMP Polling
              rschroeder

              Rosie, dusk2dusk had a great idea; I can only offer a small modification to it, since we don't know what firewalls you're using.


              I've operated several different brands of firewalls, and so far have been able to write firewall rules to allow the traffic you're seeking.


              If you're also the firewall admin, or if you can work with that team, see if rules can be written to allow what you need.


              That single pane of glass may actually be a pain, but I think that if you can share the brand or model of firewall that's being your nemesis, chances are good someone in this forum can help figure out the answer.

              • Re: ARP from Devices that don't allow SNMP Polling
                chris.engstrom

                Rosie, when you decide to test I would also be interested in your results.