Extreme Networks

Rainer_Adam · ‎06-03-2015

Our customer has a mid-size Network with Enterasys components S8 in the Core.

PurView, NAC-GW's and Netsight are Version 6.1.0.182. ALL ports from the S8 are policy based mirrored to the PurView Gateway.

Following, simple request:

"Show me with which devices the D2 Switch with IP 10.255.255.150 talks SNMP"

If I start a "Report" with "Network Activity for a Client", set the Client IP Address to 10.255.255.150 I can see there 4 Applications SNMP, NTP, ICMP and TFTP.

If I here click to "SNMP" I will see ALL mirror SNMP traffic but NOT the Device I searched for... (there are about 100 Switches within that LAN).

What is the best way to fullfill this request?

Rainer_Adam · ‎06-05-2015

I am sorry, but there is nothing to see, if I set the filter on Server (or even also on client) to the switch ip address there is nothing to show. Those device(s) will be polled every 30 seconds by the Netsight Server and CA Spectrum is also polling all the devices. So it could NOT happen that there was NO traffic from / to this switch within the last 4 hours. Maybe too less to hold it in the Database, but that would be pretty bad if we cannot trust the data we see (or not).

I will open a GTAC Case for this.

Frank_Thomas · ‎06-03-2015

An Active view is pretty easy
In the flow tab
"SIP=#SwitchIP,app=snmp"

Mike_Thomas · ‎06-03-2015

Rainer,
I have duplicated your results in the lab and discussed with development. The closest you can come to this is searching via the application flows for server=10.255.255.150, app=SMMP
This is not "reporting data" as much as short term flow data that is stored in the database for a short amount of time, typically not more than 4 hrs.

Extreme Networks

purview: report how to show bidirectional traffic

purview: report how to show bidirectional traffic