on my UT report I got close to 30000 devices don't have neither host name nor ip address. most of the report showed this devices attached to Wirless Access point. which is not managed by LMS.those AP's itself seen as end devices. my question is where is this mac adresses came from is that from switch or from AP's? LMS pull any mac-adress-table from AP's? I am confused and try to understand the whole science behinde user tracking. I am worried about all this unkown mac adresses breach any secutiy. I have another weired information on UT. I have a Solaris test server on my desk. ut report 6 different mac-address for the switch port my server attached too:)
any information highly apperciated.
As I said, if the MAC/IP shows up in a managed router's ARP cache, and UT runs an acquisition while it is there, then UT will show the IP. If the ARP entry times out before UT acquisition runs, then you will miss the IP.
UTLite on Windows end hosts is one workaround for this. UTLite will run on the end host, and send updates to Campus with the end host username, MAC, and IP. Additionally, IN CM 5.0 and higher, we have a feature called dynamic User Tracking which can update the UT database in realtime using MAC-ADDRESS-NOTIFICATION traps and DHCP snooping.