DX NetOps

Hi All,

We are using Spectrum 9.4 , last week we received BGP false alarm for firewall (which we did not configure BGP on firewall), we are suspecting one of the un managed device has sent a BGP trap to Spectrum so Spectrum has generated false alarm for firewall , here our challenge is we are not able to find un managed device (which not present in Spectrum ).

Please let us know how to find un-managed device and how to prevent these types of false alarms in future ?

Thanks in Advance.

Thanks,

Venu

Venu,

If the alarm was trap based, then Spectrum determines which model to associate the trap to by the agent address in the trap. It could be any ip address configured on the device not just the ip address used to model the device in the Spectrum database. Spectrum reads the ipAddrTable and ipAddressTable tables and stores all known ip addresses for a model in the ip address list attribute for the model. When the trap is received, Spectrum reads the agent address of the trap and looks for any and all models in the Spectrum database that has that ip address associated with it.

If the other device is modeled in the Spectrum database then you can run the Devices -> By IP Address search to see if you can find it.

If it is not, there is nothing that I can think of to do in Spectrum to find this unmanaged device.

Regards,

Joe

Hi Joe,

Thanks a lot for details explanation but we did not find any IP conflict and in our environment devices are sending Traps to Trapex and Trapex will forward to Spectrum for alarm generation, not sure where we can crack this.

Thanks,

Venu

Venu,

Recommend getting a sniffer of the trap and checking the agent address in the trap.

Regards,

Joe