Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.
During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.
We apologize for the inconvenience while we perform important updates to the Community.
When I run the duplicate MAC report from CM the report shows over 2,500 duplicate MAC addresses on our network.
I'm sure this isn't correct as the MACs that are showing as duplicates show twice on the same port (once on the voice vlan and once on the native vlan)
Is this a bug? Is there a way to fix this? I've attached an example from the report.
The version of CM is 5.2.1
I've looked into this a bit more and it would appear that all the devices showing as duplicates are connected to the switches via a trunk. Both PC's and IP Phones show as duplicates however they're all instances where the PC is connected to the phone (CP-7940's or 7941's) and then the phone is trunked to the switch (either 3550 or 3750).
Does this give an clues?
I've looked into this a bit further today and can now confirm that 99% of the reported duplicates are infact IP Phones. There are a few of PC's and Servers reported as duplicates but these can be explained (ie, clustered servers, etc). I'm still not sure why the IP Phones are being reported as duplicated though?
When I do a "show mac address table int fa0/xx" on a switch I get the output below.
Vlan Mac Address Type Ports
---- ----------- -------- -----
109 000b.fd5d.f173 DYNAMIC Fa0/14
217 000b.fd5d.f173 DYNAMIC Fa0/14
000b.fd5d.f173 is an IP Phone
VLAN 109 is the data VLAN
VLAN 217 is the Voice VLAN
Is there away that I can prevent these appearing as duplicates so the report can be more accurate?
The config for port fa0/14 is below (this will be pretty typical of almost all our ports which support IP Phones).
switchport trunk encapsulation dot1q
switchport trunk native vlan 109
switchport mode trunk
switchport voice vlan 217
no logging event link-status
mls qos trust device cisco-phone
auto qos voip cisco-phone
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1 2
wrr-queue cos-map 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
spanning-tree portfast trunk
This is what I thought. Unfortunately, since the switch reports the phone in both VLANs, UT will learn the MAC in both VLANs. Ideally, the phone report should show you the unique phone entries, but CM 5.2.1 is currently plagued by CSCtd51845 in which duplicates may show up there. As for getting a getting a better duplicate report, use the Duplicate MAC and VLAN report. Anytime you have the same MAC duplicated in a given VLAN, that is a problem. These phone entries should not show up on that report.
I ran the duplicate MAC and VLAN report. This still showed some IP Phones as duplicated, however, only 177 of them rather than circa 2,500 shown in the duplicate MAC report. Does the bug you mention above also affect the MAC and VLAN report?
Also, do I need to take these duplicate into account when looking at the "Number of End Hosts" that CM reports on it's main screen. Currently this is showing as 11,311 end host, however, do I need to subtract the 1000 or so IP Phones that are indentified as duplicates?
I would presume there is a valid reason for the switchport to be in trunk mode to the IP phone?
I.e. there are multiple VLAN's connected behind the IP phone?
If there is only 1 VLAN connected behind an IP phone, putting the port in access mode instead of trunk would also solve your problem.
You're absolutely right. The recommended config is to use multi-VLAN access ports to avoid STP overhead. For example:
switchport access vlan 30
switchport mode access
switchport voice vlan 40
no logging event link-status
mls qos trust dscp
no snmp trap link-status
no mdix auto
However, even in this case, the phone will appear on both the data and voice VLANs. The phone report in UT will only show one entry (after the patch for the aforementioned bug is applied), but the end host report will show two.
Thanks Guys....The trunk example I used above was taken from a 3550 with an older version of IoS...I can't quite remember the exact IoS version but I think the muli-vlan access port only came into affect fairly recently. Our news 3750's are configured with multi-vlan access port config but (as Joe mentions) this also show's duplicates on the UT reports.
It sounds like there's no way around this so I just need to compensate when running reports. Do the total figures shown on the CM main poral (ie, total devices, etc) take into account these duplicates or do I need to subtact circa 50% of the total duplicates from the total?
Any idea when/if the bug fix is available and where I can get it from?
No, the metrics seen count all end hosts found. What you're seeing is not a bug per se. Based on how UT works, and how the phones associate with the switches, this behavior is expected. The bug where multiple entries per phone show up in the phone report (i.e. the bug I mentioned previously on this thread), is fixed with a patch from TAC.
I'm sorry to labour the point but I need to give our senior management an acurate(ish) count of the number of hosts on our network.
Currently CM is reporting 11,211 hosts on the network. Are the 2,104 duplicates shown in the Duplicate Report included in this number? If so, I guess I need to half the 2,104 (1502) and subtract this from the 11,211 acount for the duplicates being counte twice?
Yes, the total count will include the duped MACs. Yep, divide by 2 and subtract to get the count without the duplicate phones. As I said, you should use the duplicate MAC/VLAN report to get an accurate feel for real duplicates.