cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1683
Views
0
Helpful
17
Replies

End hosts missing on LMS 3.2

raindrop18
Level 1
Level 1

we recently upgrade LMS 2.6 to 3.2 and we have close to 38,000 end hosts. the old CW reflect the correct number of end hosts however the new one only reporting  28,000 end hosts. when I did down, there is no end hosts clollected at least close to 250 switches. all this switches managed by CM and when I run UT from CM or Device center I got a responce "no end host". how I can troubleshoot the end hosts issue per device? all credentail, transport method..pretty much everything the same with other 2000 switches. but some reason these 250+ switches doesn't have end host report. And I know all the missing 8000 end hosts belongs to thoses switches. thanks in advance for any suggestion.

1 Accepted Solution

Accepted Solutions

You only need to allow context polling for those VLANs on which you want to acquire users.

View solution in original post

17 Replies 17

Joe Clarke
Cisco Employee
Cisco Employee

First, make sure you're running Campus Manager 5.2.1.  We have been working through a number of UT issues in CM 5.x, and 5.2.1 contains almost all of the recent fixes.  Troubleshooting involves enabling "user tracking" debugging for the User Tracking Server acquisition process.  After running a new acquisition, the ut.log contains the details.  You would then go through that log looking for errors relating to the missing switches.

This, of course, assumes the switches show up as green with proper icons on the Campus topology map.  The switches must have been data collected before UT will find end hosts on them.

Thanks, my CM is 5.2.0 so I need the upgrade.where I can get the upgrade? from TAC. in the mean time how I can data collection for one device then run ut on one device? is this possible. the reason I am asking if I am turn on debug for all ut collection for 30k+ the data will be huge and overwhel to track the problem. simply how I can toubleshoot per switch something like that.

Joe Clarke
Cisco Employee
Cisco Employee

No.  While you can enable debugging for one device, I find this to be less than desirable.  It is best to enable debug for all of UT so that nothing gets missed.  I also like to see a full major acquisition as opposed to a single device or subnet acquisition.  The log may be bigger, but the debugging is complete.

how to enable debugging. is this the right way to enable debugging for ut... Admin -> Debugging Options-> User Tracking Server ?  currently on this section "enable debug" selected.  do I need to select " enable device level debugging" also?

No, it's Campus > Admin > Debugging Options > User Tracking Server.

ok, I did re-run data collection then user tracking while I am turned on debugging. how ever I didn't see any error recording on debug out put. one thing I have find out all "ws-c3560G-24ps" switches we have not detected not only this model but any switches attached to this model switches also not detected. we are using this switches on certain location as primary switches. so any host from these locations not detected. however we have few locations these model switches not a primary switches, UT tracking all end devices.

  the question is why is ut unable tracking end hosts when "WS-C3560G-24ps" model setup as primary switch? is this something I need to correct on CM?

I have checked topology services. this switches mapping correctly with green line and the icon for this mode switch is "Router/switch" icon.

Thanks.

There is nothing that needs to be done in UT.  Post the show run, show ver, and show mac, and show int status from one of these switches.  Additionally, post the NMSROOT/campus/etc/cwsi/portData.xml and vlanData.xml files.

Thanks, I have post few of the information. because of senstive information contain on sh run, or vlandata.xml. even based on this information at least for me,end hosts detected on the switch. I have checked it by using " the mac-address listed on sh-mac " out put and go to the router attached this switch and run " sh ip arp" then once I got the ip address, run nslookp. I have found the missing  end hosts. for me that indicate the mechanism is working on the switch.

---------

I couldn't attach the file, here is the info

Joe Clarke
Cisco Employee
Cisco Employee

If you cannot post the show run or vlanData.xml, then you need to open a TAC service request with this information.  It will be required to fully analyze this problem.

thanks a lot!!! I will open a TAC case

I got the response from TAc  << CM / UT issue, user tracking will not work with out contexts configured in the device.......you currently do not have those configured.> and  didn't know what does it mean. we are using snmp V3 for read/write but we are using SNMP v2 for read only. so I am curious UT using V2 or V3.if this context issue related to snmp v-3. please give me some explanation/instruction what I need to do. either on CM or on device side. Thanks,

If you have configured SNMP community strings in DCR WITHOUT SNMPv3, then Campus will use SNMPv1/v2c.  If you configured SNMPv3 credentials for any device in DCR, then Campus will use v3.  In that case, you need to configure the switch for contexts.  This is done by running the "show snmp context" command, and adding a context entry for each "vlan" context in the following mannger (assume v3group is your SNMPv3 group):

snmp-server group v3group v3 auth context CTXT

Where CTXT is the "vlan" context name (e.g. vlan-1).

Thanks for detail info, so i need to context only for 3560 switches?  I know according to Cisco document, I need to add on all switches. but if you remember the original question this UT problem we have only for the locations 3560G switches configured as primary switch. we don't have any other issue with location. even though we didn't configure context, and all locations using snmp V.3 for RW. I am kind of confused.

No, contexts are not just limited to 3560s.  If you are using SNMPv3, you need them for all switches to allow polling the BRIDGE-MIB on a per-VLAN basis.  I haven't seen your device configs or your DCR credentials, so I cannot say for certain if contexts are really needed here.  What is the TAC SR number?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco