Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Collecting additional ARP data

Switch Port Mapper relies on successfully walking the MAC/Bridge tables and obtaining an ARP source to bind IP addresses to MAC addresses. Some vendors do not expose ARP data via SNMP, which can result in gaps in Switch Port Mapper results and the inability to search for an IP address and resolve the corresponding MAC address and switch port.

Using Config Crawler to automatically retrieve ARP data on a set schedule enables the information to be populated into the Switch Port Mapper database.

Config Crawler

Config Crawler is used to collect ARP information directly from the device CLI output. Most devices provide a command that displays their complete ARP table. Create your command: and capture: statements so the full ARP table is gathered in a single run.

Configs named with the prefix supplementary-arp- will be scanned for ARP extraction. Any matching ARP entries will automatically be included in Switch Port Mapper results.

Script Rule examples

# Palo Alto: fetch ARP
name:    supplementary-arp-palo
command: set cli pager off
capture: show arp all
command: exit
# Always issue an exit command

# Cisco Nexus: fetch ARP
name:    supplementary-arp-nexus
command: terminal length 0
capture: show ip arp vrf all
command: exit
# Always issue an exit command

Important: The script name must begin with: supplementary-arp-

Device Rule example

Your Device Rule schedules execution of the script. Depending on environment size and device movement, run this more or less frequently.

# Device group Palo Alto ARP
name:   palo-arp
group:  paloalto_arp
user:   myusername
pass:   mypassword
script: supplementary-arp-palo
sched:  7am
sched:  1pm
sched:  7pm
sched:  1am

Confirming results

After a Config Crawl completes, you will see the captured ARP output in the Config Viewer. Once the next Switch Port Mapper cycle runs (hourly), the Run Log will display entries similar to:

Loading supplementary arp file 10.100.11.254 (0 secs)
Loading supplementary arp file 10.100.45.254 (0 secs)
Loading supplementary arp file 10.100.64.254 (0 secs)
Loading supplementary arp file 10.100.96.254 (0 secs)

These entries confirm that the supplementary ARP files were processed successfully.