Send Netdot-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://osl.uoregon.edu/mailman/listinfo/netdot-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Netdot-users digest..."
Today's Topics:
1. ARP entries from subnet interfaces. (Jeroen van Renen)
2. Re: how to use external authn for Apache? (William Bulley)
----------------------------------------------------------------------
Message: 1
Date: Tue, 27 Aug 2013 09:31:19 +0000
From: Jeroen van Renen <[email protected]>
Subject: [Netdot-users] ARP entries from subnet interfaces.
To: "[email protected]" <[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Hi,
We are running the netdot 'vmdk' - v1.0.4:
There is the following option in Site.conf:
-----------------------------------------------------------------------
# When fetching ARP caches from devices, Netdot
# ignores any IP that does not fall within the
# interface configured prefixes.
# This assumes that the prefixes have been created
# as Subnets already.
IGNORE_IPS_FROM_ARP_NOT_WITHIN_SUBNET => 1,
-----------------------------------------------------------------------
Now when I do a "./bin/updatedevices.pl -H <ip address> -A -c <community>"
against my cisco 7604 router it returns 'only' about 30 arp entries out of
approx 700.
The router has a port-channel which contains a lot of subinterfaces in the
form of:
port-channel1.1000
port-channel1.1001
port-channel1.1002
|
etc
|
port-channel1.2000
All these interfaces and their corresponding subnets are in fact discovered
by 'netdot' when I go to the device and look at the interfaces or IP info
they are present with their corresponding IP/subnet information.
When I set the option in Site.conf to "
IGNORE_IPS_FROM_ARP_NOT_WITHIN_SUBNET => 0", it does find all the arp
entries but now it does not 'link' them to their corresponding interfaces.
For example with this option set to '0' you get something like (fictive
IPs):
10.0.0.1 <mac> port-channel1.1001
10.0.0.2 <mac> port-channel1.1001
10.0.0.3 <mac> port-channel1.1001
etc
So I am assuming that if this option is enabled when doing the arp scan it
is not able to link the arp entry to the corresponding 'sub' interface and
therefore it simply ommits the entries hence the reason it 'only' finds
about 30 out of 700 entries.
Anyone has seen this issue before or perhaps we have something not correctly
configured?
Thanks for any help,
Jeroen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6059 bytes
Desc: not available
Url :
http://osl.uoregon.edu/pipermail/netdot-users/attachments/20130827/c88a3afd/attachment-0001.bin
------------------------------
Message: 2
Date: Tue, 27 Aug 2013 13:16:06 -0400
From: William Bulley <[email protected]>
Subject: Re: [Netdot-users] how to use external authn for Apache?
To: Valeriy Simonov <[email protected]>
Cc: [email protected], "R.P. Aditya" <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
According to Valeriy Simonov <[email protected]> on Mon, 08/26/13 at 01:33:
>
> I made a small patch to use netdot with apache kerberos SSO:
> https://gist.github.com/simnv/9b3cd0bb347cc3541239
>
> I hope it will help you.
Thanks, Valeriy.
I work with Adi (R.P. Aditya) at the University of Michigan.
I was able to use your patch and to verify that it works for us. :-)
Thank you again!
Regards,
web...
--
William Bulley Email: [email protected]
72 characters width template ----------------------------------------->|
------------------------------
_______________________________________________
Netdot-users mailing list
[email protected]
https://osl.uoregon.edu/mailman/listinfo/netdot-users
End of Netdot-users Digest, Vol 57, Issue 6
*******************************************
