CM end host report

eliaspaulos
Level 1

On my UT report I got close to 30000 devices that have neither a host name nor an IP address. Most of the report shows these devices attached to wireless access points, which are not managed by LMS. Those APs themselves are seen as end devices. My question is: where did these MAC addresses come from? Is that from the switch or from the APs? Does LMS pull any mac-address-table from the APs? I am confused and trying to understand the whole science behind user tracking. I am worried that all these unknown MAC addresses breach security. I have another weird piece of information on UT. I have a Solaris test server on my desk. UT reports 6 different MAC addresses for the switch port my server is attached to :)

Any information is highly appreciated.

Joe Clarke
Cisco Employee

If the APs are not managed by LMS, then UT is getting those MACs from the upstream wired switches. In order for UT to display IPs associated with MACs, those IPs must be in the ARP tables of routers being managed by Campus Manager. Those routers must appear on the Topology Map with green router icons.

In Campus Manager 5.1, there is a new feature which allows you to track rogue MAC addresses on your network.

Are all six MAC addresses showing the same last seen time in UT? Are you using a switch or hub on your desk?

Thanks a lot. OK, about my server attached to the switch: yes, 5 out of 6 have the same last seen time in UT. Another question: does upstream wire mean a trunk port from the switch to the router? So let's say somebody connects to an access point, or the access point detects any MAC address from a wireless client; can it be found on the upstream wire? One thing I have noticed: since I excluded the APs from LMS, I got a lot of unknown MACs. Do you think that can be the cause? Just a note: 100% of all my routers and switches are managed by CM.

Is the switch reporting those five MACs in its MAC table now? If so, then UT is doing what it's supposed to.

The upstream switch is the switch to which the AP connects. Yes, if the APs are connected to the switch via an access port, then all MACs learned by the AP will appear on the wired switch port, and UT will report those MACs as being connected to that port.

Any MAC which is not showing an IP in UT is either not running IP, or no router managed by Campus Manager has that MAC in its ARP table.

Thanks, you answered many of my concerns. One more question about the APs: we have devices using the APs for a short period of time with a temporary IP address (DHCP); once they finish their job they give up the IP. Do you think those devices' MAC addresses are registered in UT through the wire without the IP address, since the IP is gone?

Thank you so much, this is really a big help.

As I said, if the MAC/IP shows up in a managed router's ARP cache, and UT runs an acquisition while it is there, then UT will show the IP. If the ARP entry times out before UT acquisition runs, then you will miss the IP.

UTLite on Windows end hosts is one workaround for this. UTLite will run on the end host, and send updates to Campus with the end host username, MAC, and IP. Additionally, in CM 5.0 and higher, we have a feature called dynamic User Tracking which can update the UT database in real time using MAC-ADDRESS-NOTIFICATION traps and DHCP snooping.
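The correlation described in the replies above (switch MAC table joined against a managed router's ARP cache), as an added example that is not part of the original thread and is not Campus Manager's own code. It assumes the inputs are text in the IOS `show mac address-table` and `show ip arp` layouts; all addresses, ports and the `shared_port_min` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `show mac address-table` rows from an access switch.
MAC_TABLE = """\
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    0011.2233.4456    DYNAMIC     Gi1/0/5
  10    0011.2233.4457    DYNAMIC     Gi1/0/5
  20    00aa.bbcc.dd01    DYNAMIC     Gi1/0/7
  20    00aa.bbcc.dd02    DYNAMIC     Gi1/0/8
"""

# Constructed sample: `show ip arp` rows from the router for those VLANs.
ARP_TABLE = """\
Internet  192.0.2.10    5   0011.2233.4455  ARPA   Vlan10
Internet  192.0.2.21    0   00aa.bbcc.dd01  ARPA   Vlan20
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
MAC_RE = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+\S+\s+(\S+)\s*$", re.I)
ARP_RE = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+" + MAC + r"\s", re.I)

def parse_arp(text):
    """Return {mac: ip} for every ARP cache row that parses."""
    rows = (ARP_RE.match(line) for line in text.splitlines())
    return {m.group(2).lower(): m.group(1) for m in rows if m}

def correlate(mac_text, arp_text, shared_port_min=3):
    """Join MAC-table rows with ARP rows and summarise each switch port."""
    arp = parse_arp(arp_text)
    ports = defaultdict(list)
    for line in mac_text.splitlines():
        m = MAC_RE.match(line)
        if m:
            mac = m.group(2).lower()
            ports[m.group(3)].append((mac, arp.get(mac)))  # None: no ARP entry
    return {
        port: {
            "hosts": hosts,
            # MAC seen on the wire, but ARP entry absent or already aged out.
            "no_ip": [mac for mac, ip in hosts if ip is None],
            # Several MACs on one port: an AP, hub or switch sits behind it.
            "shared_port": len(hosts) >= shared_port_min,
        }
        for port, hosts in ports.items()
    }

if __name__ == "__main__":
    for port, info in sorted(correlate(MAC_TABLE, ARP_TABLE).items()):
        kind = "shared" if info["shared_port"] else "single"
        print(port, kind, "MACs without IP:", info["no_ip"])
```

MACs that stay in `no_ip` across repeated collections on a port that is not expected to be shared are the ones worth reviewing first.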
