End hosts missing on LMS 3.2

Answered Question
Dec 17th, 2009

We recently upgraded LMS 2.6 to 3.2 and we have close to 38,000 end hosts. The old CW reflects the correct number of end hosts; however, the new one is only reporting 28,000 end hosts. When I dug down, there are no end hosts collected on at least close to 250 switches. All these switches are managed by CM, and when I run UT from CM or Device Center I get the response "no end host". How can I troubleshoot the end hosts issue per device? All credentials, transport method... pretty much everything is the same as the other 2000 switches, but for some reason these 250+ switches don't have an end host report. And I know all the missing 8000 end hosts belong to those switches. Thanks in advance for any suggestions.

Joe Clarke Thu, 12/17/2009 - 08:33
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

First, make sure you're running Campus Manager 5.2.1.  We have been working through a number of UT issues in CM 5.x, and 5.2.1 contains almost all of the recent fixes.  Troubleshooting involves enabling "user tracking" debugging for the User Tracking Server acquisition process.  After running a new acquisition, the ut.log contains the details.  You would then go through that log looking for errors relating to the missing switches.


This, of course, assumes the switches show up as green with proper icons on the Campus topology map.  The switches must have been data collected before UT will find end hosts on them.

raindrop18 Thu, 12/17/2009 - 10:00

Thanks, my CM is 5.2.0, so I need the upgrade. Where can I get the upgrade? From TAC? In the meantime, how can I run data collection for one device and then run UT on one device? Is this possible? The reason I am asking is that if I turn on debug for all UT collection for 30k+, the data will be huge and overwhelming for tracking the problem. Simply, how can I troubleshoot per switch, something like that?

Joe Clarke Thu, 12/17/2009 - 10:03

No.  While you can enable debugging for one device, I find this to be less than desirable.  It is best to enable debug for all of UT so that nothing gets missed.  I also like to see a full major acquisition as opposed to a single device or subnet acquisition.  The log may be bigger, but the debugging is complete.

raindrop18 Thu, 12/17/2009 - 10:11

How do I enable debugging? Is this the right way to enable debugging for UT: Admin -> Debugging Options -> User Tracking Server? Currently "enable debug" is selected in this section. Do I need to select "enable device level debugging" also?

Joe Clarke Thu, 12/17/2009 - 10:54

No, it's Campus > Admin > Debugging Options > User Tracking Server.

raindrop18 Fri, 12/18/2009 - 08:09

OK, I re-ran data collection and then user tracking while debugging was turned on. However, I didn't see any errors recorded in the debug output. One thing I have found out is that all the "ws-c3560G-24ps" switches we have are not detected; not only this model, but any switches attached to switches of this model are also not detected. We are using these switches at certain locations as primary switches, so any host from these locations is not detected. However, we have a few locations where switches of this model are not the primary switches, and there UT is tracking all end devices.

The question is: why is UT unable to track end hosts when the "WS-C3560G-24ps" model is set up as the primary switch? Is this something I need to correct in CM?

I have checked Topology Services. These switches are mapped correctly with a green line, and the icon for this model of switch is the "Router/switch" icon.

Thanks.

Joe Clarke Fri, 12/18/2009 - 10:51

There is nothing that needs to be done in UT.  Post the show run, show ver, and show mac, and show int status from one of these switches.  Additionally, post the NMSROOT/campus/etc/cwsi/portData.xml and vlanData.xml files.

raindrop18 Fri, 12/18/2009 - 12:35

Thanks, I have posted only some of the information because of the sensitive information contained in the sh run and vlanData.xml. Even based on this information, at least for me, end hosts are detected on the switch. I checked this by taking the MAC addresses listed in the "sh mac" output, going to the router attached to this switch and running "sh ip arp"; then, once I got the IP address, I ran nslookup. I found the missing end hosts. For me, that indicates the mechanism is working on the switch.

---------

I couldn't attach the file, here is the info

Joe Clarke Fri, 12/18/2009 - 12:40

If you cannot post the show run or vlanData.xml, then you need to open a TAC service request with this information.  It will be required to fully analyze this problem.

raindrop18 Tue, 01/12/2010 - 10:15

I got the response from TAC << CM / UT issue, user tracking will not work without contexts configured in the device.......you currently do not have those configured.> and I didn't know what it means. We are using SNMP v3 for read/write, but we are using SNMP v2 for read only, so I am curious whether UT is using v2 or v3, and whether this context issue is related to SNMP v3. Please give me some explanation/instructions on what I need to do, either on CM or on the device side. Thanks,

Joe Clarke Tue, 01/12/2010 - 12:32

If you have configured SNMP community strings in DCR WITHOUT SNMPv3, then Campus will use SNMPv1/v2c.  If you configured SNMPv3 credentials for any device in DCR, then Campus will use v3.  In that case, you need to configure the switch for contexts.  This is done by running the "show snmp context" command, and adding a context entry for each "vlan" context in the following manner (assume v3group is your SNMPv3 group):


snmp-server group v3group v3 auth context CTXT


Where CTXT is the "vlan" context name (e.g. vlan-1).

raindrop18 Wed, 01/13/2010 - 11:02

Thanks for the detailed info. So I need to configure contexts only for the 3560 switches? I know that according to the Cisco documentation I need to add them on all switches, but if you remember the original question, we have this UT problem only at the locations where 3560G switches are configured as the primary switch. We don't have any issue at other locations, even though we didn't configure contexts, and all locations are using SNMP v3 for RW. I am kind of confused.

Joe Clarke Wed, 01/13/2010 - 22:07

No, contexts are not just limited to 3560s.  If you are using SNMPv3, you need them for all switches to allow polling the BRIDGE-MIB on a per-VLAN basis.  I haven't seen your device configs or your DCR credentials, so I cannot say for certain if contexts are really needed here.  What is the TAC SR number?

Joe Clarke Wed, 01/13/2010 - 22:40

Actually, if your SR is 613245139, I have already been helping with that.  It appears your working switches are 2950s.  The 2950 is handled specially in CM 5.2.  These switches will never support SNMPv3 contexts since they cannot run 12.2 code.  Therefore, I wrote some code so that if SNMP community strings are present in DCR for these switches, UT will use those instead of v3 when acquiring end hosts.  The 3560, on the other hand, CAN support contexts, and thus UT will use the v3 credentials in DCR to get end hosts.  Therefore, if the 3560s (or 3550s, 2960s, etc.) do not have contexts configured, UT will not find any end hosts.

raindrop18 Thu, 01/14/2010 - 07:44

Yes, that's my SR. Thank you so much for the explanation. I do understand now. Here is the "sh snmp context" output from one of my switches.

switch#sh snmp context
vlan-1
vlan-100
vlan-200
vlan-300
vlan-400
vlan-1002
vlan-1003
vlan-1004
vlan-1005

So, do I need to create a context for all these VLANs, or just for the VLANs I want to scan for end hosts? Let's say I don't want to scan a wireless VLAN, so I could ignore that VLAN? Once again, thank you so much for your help!!!

Correct Answer
Joe Clarke Fri, 01/15/2010 - 14:16

You only need to allow context polling for those VLANs on which you want to acquire users.
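
The procedure described in this thread (read the "show snmp context" output, then add one group entry for each VLAN context that should be polled), as an added Python example that is not part of the original posts or of any Cisco tool. The running-config excerpt, the set of wanted VLANs and the function names are assumptions; v3group is the placeholder group name used in the thread.

```python
import re
# Constructed sample: the "sh snmp context" output posted in the thread.
SHOW_SNMP_CONTEXT = """switch#sh snmp context
vlan-1
vlan-100
vlan-200
vlan-300
vlan-400
vlan-1002
vlan-1003
vlan-1004
vlan-1005
"""
# Constructed running-config excerpt (assumption): only vlan-1 is mapped so far.
RUNNING_CONFIG = """snmp-server group v3group v3 auth
snmp-server group v3group v3 auth context vlan-1
"""
CTX_RE = re.compile(r"^vlan-(\d+)$")
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 \S+ context (\S+)")

def parse_contexts(output):
    """Map VLAN id -> context name for each vlan-N line; prompt lines are skipped."""
    contexts = {}
    for line in output.splitlines():
        m = CTX_RE.match(line.strip())
        if m:
            contexts[int(m.group(1))] = m.group(0)
    return contexts

def configured_contexts(running_config, group):
    """Context names the given SNMPv3 group is already allowed to poll."""
    found = set()
    for line in running_config.splitlines():
        m = GROUP_RE.match(line.strip())
        if m and m.group(1) == group:
            found.add(m.group(2))
    return found

def missing_context_commands(show_ctx, running_config, group, wanted_vlans):
    """Config lines still needed so UT can poll each wanted VLAN over SNMPv3."""
    contexts = parse_contexts(show_ctx)
    unknown = sorted(v for v in wanted_vlans if v not in contexts)
    if unknown:
        raise ValueError(f"no SNMP context on this switch for VLANs {unknown}")
    have = configured_contexts(running_config, group)
    return [f"snmp-server group {group} v3 auth context {contexts[v]}"
            for v in sorted(wanted_vlans) if contexts[v] not in have]

if __name__ == "__main__":
    # Assumption: VLAN 400 is the wireless VLAN that should not be scanned.
    print("\n".join(missing_context_commands(
        SHOW_SNMP_CONTEXT, RUNNING_CONFIG, "v3group", {1, 100, 200, 300})))
```

Run against each switch's own output, the result doubles as an audit: an empty list means every VLAN you want tracked already has a context entry for the group.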
