cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2086
Views
0
Helpful
14
Replies

Duplicate MACS

BlueyVIII
Level 1
Level 1

When I run the duplicate MAC report from CM the report shows over 2,500 duplicate MAC addresses on our network.

I'm sure this isn't correct as the MACs that are showing as duplicates show twice on the same port (once on the voice vlan and once on the native vlan)

Is this a bug? Is there a way to fix this? I've attached an example from the report.

14 Replies 14

Joe Clarke
Cisco Employee
Cisco Employee

Are these duplicates IP phones?  What version of Campus do you have?

The version of CM is 5.2.1

I've looked into this a bit more and it would appear that all the devices showing as duplicates are connected to the switches via a trunk. Both PC's and IP Phones show as duplicates however they're all instances where the PC is connected to the phone (CP-7940's or 7941's) and then the phone is trunked to the switch (either 3550 or 3750).

Does this give an clues?

How are these MACs learned on the switch?  That is, what does a "show mac address-table" report for these ports?

Hi Joe,

I've looked into this a bit further today and can now confirm that 99% of the reported duplicates are infact IP Phones. There are a few of PC's and Servers reported as duplicates but these can be explained (ie, clustered servers, etc). I'm still not sure why the IP Phones are being reported as duplicated though?

When I do a "show mac address table int fa0/xx" on a switch I get the output below.

Vlan    Mac Address       Type           Ports
----    -----------       --------    -----
109    000b.fd5d.f173    DYNAMIC     Fa0/14
217    000b.fd5d.f173    DYNAMIC     Fa0/14

000b.fd5d.f173 is an IP Phone

VLAN 109 is the data VLAN

VLAN 217 is the Voice VLAN

Is there away that I can prevent these appearing as duplicates so the report can be more accurate?

What does the configuration look like for these ports?

The config for port fa0/14 is below (this will be pretty typical of almost all our ports which support IP Phones).

interface FastEthernet0/14
switchport trunk encapsulation dot1q
switchport trunk native vlan 109
switchport mode trunk
switchport voice vlan 217
no logging event link-status
mls qos trust device cisco-phone
auto qos voip cisco-phone
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1 2
wrr-queue cos-map 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree portfast trunk
end

This is what I thought.  Unfortunately, since the switch reports the phone in both VLANs, UT will learn the MAC in both VLANs.  Ideally, the phone report should show you the unique phone entries, but CM 5.2.1 is currently plagued by CSCtd51845 in which duplicates may show up there.  As for getting a getting a better duplicate report, use the Duplicate MAC and VLAN report.  Anytime you have the same MAC duplicated in a given VLAN, that is a problem.  These phone entries should not show up on that report.

Thanks Joe..

I ran the duplicate MAC and VLAN report. This still showed some IP Phones as duplicated, however, only 177 of them rather than circa 2,500 shown in the duplicate MAC report. Does the bug you mention above also affect the MAC and VLAN report?

Also, do I need to take these duplicate into account when looking at the "Number of End Hosts" that CM reports on it's main screen. Currently this is showing as 11,311 end host, however, do I need to subtract the 1000 or so IP Phones that are indentified as duplicates?

I would presume there is a valid reason for the switchport to be in trunk mode to the IP phone?

I.e. there are multiple VLAN's connected behind the IP phone?

If there is only 1 VLAN connected behind an IP phone, putting the port in access mode instead of trunk would also solve your problem.

You're absolutely right.  The recommended config is to use multi-VLAN access ports to avoid STP overhead.  For example:

interface GigabitEthernet0/1

switchport access vlan 30

switchport mode access

switchport voice vlan 40

no logging event link-status

priority-queue out

mls qos trust dscp

no snmp trap link-status

no mdix auto

spanning-tree portfast

However, even in this case, the phone will appear on both the data and voice VLANs.  The phone report in UT will only show one entry (after the patch for the aforementioned bug is applied), but the end host report will show two.

Thanks Guys....The trunk example I used above was taken from a 3550 with an older version of IoS...I can't quite remember the exact IoS version but I think the muli-vlan access port only came into affect fairly recently. Our news 3750's are configured with multi-vlan access port config but (as Joe mentions) this also show's duplicates on the UT reports.

It sounds like there's no way around this so I just need to compensate when running reports. Do the total figures shown on the CM main poral (ie, total devices, etc) take into account these duplicates or do I need to subtact circa 50% of the total duplicates from the total?

Any idea when/if the bug fix is available and where I can get it from?

No, the metrics seen count all end hosts found.  What you're seeing is not a bug per se.  Based on how UT works, and how the phones associate with the switches, this behavior is expected.  The bug where multiple entries per phone show up in the phone report (i.e. the bug I mentioned previously on this thread), is fixed with a patch from TAC.

Thanks Joe..

I'm sorry to labour the point but I need to give our senior management an acurate(ish) count of the number of hosts on our network.

Currently CM is reporting 11,211 hosts on the network. Are the 2,104 duplicates shown in the Duplicate Report included in this number? If so, I guess I need to half the 2,104 (1502) and subtract this from the 11,211 acount for the duplicates being counte twice?

Yes, the total count will include the duped MACs.  Yep, divide by 2 and subtract to get the count without the duplicate phones.  As I said, you should use the duplicate MAC/VLAN report to get an accurate feel for real duplicates.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco