purview: report how to show bidirectional traffic


Userlevel 2
Our customer has a mid-size Network with Enterasys components S8 in the Core.

PurView, NAC-GW's and Netsight are Version 6.1.0.182. ALL ports from the S8 are policy based mirrored to the PurView Gateway.

Following, simple request:

"Show me with which devices the D2 Switch with IP 10.255.255.150 talks SNMP"

If I start a "Report" with "Network Activity for a Client", set the Client IP Address to 10.255.255.150 I can see there 4 Applications SNMP, NTP, ICMP and TFTP.

If I here click to "SNMP" I will see ALL mirror SNMP traffic but NOT the Device I searched for... (there are about 100 Switches within that LAN).

What is the best way to fullfill this request?

7 replies

Userlevel 6
Rainer,
I have duplicated your results in the lab and discussed with development. The closest you can come to this is searching via the application flows for server=10.255.255.150, app=SMMP
This is not "reporting data" as much as short term flow data that is stored in the database for a short amount of time, typically not more than 4 hrs.

Userlevel 4
An Active view is pretty easy
In the flow tab
"SIP=#SwitchIP,app=snmp"

Userlevel 2
I am sorry, but there is nothing to see, if I set the filter on Server (or even also on client) to the switch ip address there is nothing to show. Those device(s) will be polled every 30 seconds by the Netsight Server and CA Spectrum is also polling all the devices. So it could NOT happen that there was NO traffic from / to this switch within the last 4 hours. Maybe too less to hold it in the Database, but that would be pretty bad if we cannot trust the data we see (or not).

I will open a GTAC Case for this.
Userlevel 2
Extreme Networks GTAC Case # (01127878)
Userlevel 6
Rainer and I resolved this in the case.
Userlevel 6
Mike Thomas wrote:

Rainer and I resolved this in the case.

Nice job Mike!

https://gtacknowledge.extremenetworks.com/articles/Q_A/Reviewing-Oneview-Pureview-output-for-SNMP-application
Userlevel 2
YES, thanks again Mike for support.

It is very simple (if you know it 😉 ) Go to "Application" and there to "Application flows" on the right side you can see the "search" line. This is NOT simply a text field to search for, I REALLY recommend you to click to the help text and to "more" within there....

Reply