
Re: Detect if vlan IP is ever used for routing?

 
Twin_Turbo
Advisor

Detect if vlan IP is ever used for routing?

I have migrated some vlan interface IPs from other switches to our comware as sub interfaces.

I have no idea if some of them are even used any more but can't think of a way to test them without just removing them and possibly causing some disruption.

Can anyone suggest a way to monitor traffic to the IP without mirroring the port and wiresharking it?

I have tried one sFlow tool "InMon" but could not see any traffic even when pinging the IP.

Cheers

 

Rob

 

 

 

Ian Vaughan
Honored Contributor

Re: Detect if vlan IP is ever used for routing?

Howdy,

Apologies if I've missed your point but can you not just look at the stats counters of the L3 sub-interface? 

Just had a look at a tame VSR and that is able to report back a load of stats etc on something like

# display ip int gig 2/0.20 

For a VLAN 20 facing sub-interface on GigabitEthernet 2/0

Maybe that's all you need - if you need more, please spell it out (it's been a long day :-) ) and I'll have another look.

Cheers

Ian

 

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
Twin_Turbo
Advisor

Re: Detect if vlan IP is ever used for routing?

There are three IPs on the vlan.

x.x.x.254 ( one we want to be DG )
x.x.x.250 ( one that is presently the mainly used DG )
x.x.x.252 ( Not sure if anything uses this as the DG )

disp ip int just shows the total for the interface and not per IP.

 

Cheers

 

Rob

 

 

Ian Vaughan
Honored Contributor

Re: Detect if vlan IP is ever used for routing?

Ahhh,

Ok the sub-interfaces / secondary IP addresses thing threw me there as you *can* do a "per logical interface" when you've got say .20 .30 and .40 hanging off your real Gig 2/0. - you can't do interface statistics per "stacked" IP addresses on the same I/F.

Hmmm,

I was thinking maybe an ACL that basically just logs the traffic...

but even with that the L3 address would have to be the destination not just in the traffic path - maybe a particular traffic type that only hits the DG...

And then I was thinking of putting a qos tag on different lots of traffic depending on what the next hop was and counting those tags...

However. 

What about using something like nmap or zenmap with the traceroute option from the other side of your L3 gateway and basically pull a hop list from each host?

Would that reveal what each host thought was its default gateway? Shouldn't be too hard to pull the data together and hunt through it for the outliers?

I haven't tried it but there's a bit of logic in there that might help...

Let us know how you get on with it and if you manage to crack it. We can stick some tags against this thread so others can find it.

thanks

Ian

Twin_Turbo
Advisor

Re: Detect if vlan IP is ever used for routing?

traceroute would require access to the guest, which would mean I would have to potentially visit 700+ devices either physically or try remote execution ( already tried using psexec to run ipconfig and that seems to fail).

I guess the best option is to run Wireshark on a mirrored port and filter the results.

 

Cheers

 

Rob
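
Added example, not from any poster in this thread: a host sending off-subnet traffic first ARPs for the gateway address it is configured with, and ARP requests are broadcast, so the target address in each request shows which of the stacked IPs that host resolves. The sketch below tallies ARP requesters per gateway IP from raw Ethernet frames; the 192.0.2.x addresses, MACs and sample frames are constructed placeholders for the x.x.x.254 / .250 / .252 addresses above.

```python
import struct
from ipaddress import IPv4Address

# Constructed stand-ins for the thread's x.x.x.254 / .250 / .252 (assumption).
GATEWAYS = {"192.0.2.254", "192.0.2.250", "192.0.2.252"}

def parse_arp_request(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an IPv4 ARP request, else None."""
    if len(frame) < 18:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # 802.1Q tag, present when the mirror source is a trunk
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0806 or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, 1):  # op 1 = request
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[offset + 8:offset + 28])
    return sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def gateway_users(frames):
    """Map each gateway IP to the set of (host_ip, host_mac) that ARPed for it."""
    users = {gw: set() for gw in GATEWAYS}
    for mac, spa, tpa in filter(None, map(parse_arp_request, frames)):
        if tpa in users and spa not in GATEWAYS:  # skip the router's own ARPs
            users[tpa].add((spa, mac))
    return users

def make_request(src_mac, src_ip, dst_ip, vlan=None):
    """Build one constructed ARP request frame (sample data, not a real capture)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac,
                      IPv4Address(src_ip).packed, bytes(6), IPv4Address(dst_ip).packed)
    return b"\xff" * 6 + mac + tag + struct.pack("!H", 0x0806) + arp

SAMPLE_FRAMES = [
    make_request("02:00:00:00:00:0a", "192.0.2.10", "192.0.2.250"),
    make_request("02:00:00:00:00:0b", "192.0.2.11", "192.0.2.254", vlan=20),
    make_request("02:00:00:00:00:0c", "192.0.2.12", "192.0.2.252"),
    make_request("02:00:00:00:00:0a", "192.0.2.10", "192.0.2.11"),  # host to host
    bytes(60),  # non-ARP padding frame
]

if __name__ == "__main__":
    for gw, hosts in sorted(gateway_users(SAMPLE_FRAMES).items()):
        print(gw, sorted(hosts))
```

A request for a gateway address shows the host wants to reach it, either as its next hop or as a destination in its own right (a monitoring ping, for instance), so each host listed against the doubtful address still needs checking. Hosts with a cached ARP entry only ask again when it expires, so the capture has to run long enough to see every host at least once.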

Ian Vaughan
Honored Contributor

Re: Detect if vlan IP is ever used for routing?

Sorry, I meant you might be able to quickly add --traceroute to the port scan job under nmap but on reflection that won't help as the traceroute builds up the outbound path not the return path.

I had a quick play with ping with the "-R" option for route record to a host on the other side of a VRRP enabled gateway but I couldn't get anything worthwhile out of it. 

So, I agree, you will need some traffic that originates from the host. 

If you do manage to suss it out please post (even if it is mirroring, wireshark and hunting particular traffic types) and we can put some tags on the thread - it might solve someone else's problem one day.

thanks

Ian

Vince-Whirlwind
Honored Contributor

Re: Detect if vlan IP is ever used for routing?

I've been in this situation before.

What I've done is to audit every device on the subnet - use a ping tool then use a switchport-mapper.
I end up with a spreadsheet with every device's switchport, MAC, IP, and hostname.

From there, I remove everything that matches a DHCP entry on the scope for that subnet.
This leaves me with all the static devices - and I investigate each of these in turn - is it in use? Who manages it? What does it do? How is it configured?

One way to deal with this is to create a new Data VLAN and migrate all the standard hosts to it. That leaves you with all the weird and wonderful stuff left behind on your default VLAN.