Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1106
Views
5
Helpful
6
Replies

problem with user tracking in cisco prime Lms

Go to solution
hamidreza.taghipur
Level 1
Level 1

‎07-06-2014 02:59 AM

i attach my senario pic ,

i use snmp v3 for my switch ,,

discover -- ok

synchronization  ---- ok

net config and config edit ----- ok

 

 

but my problem is

report / inventory / user tracking / quick report ---------------------------------------- i take this notification for all report : no end hosts found

i install UTU but this program can not found any record too .

 

please help me

Labels:
Preview file
50 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vinod Arya
Cisco Employee
Cisco Employee

‎07-06-2014 07:28 AM

NMS servers access the Bridge-MIB data from devices, to get the MAC/CAM table. Because MAC-address or CAM table is maintained on device/VLAN basis, so query needs to be made per VLAN based.

In snmp v1/v2c SNMP Community String Indexing is used. Where vlan is polled by adding VLAN number after community string after @ sign. Example to see all the mac-address table from VLAN 1, if the community is test123, device would be polled like :

snmpwalk -v2c -c test123@1  10.10.10.1

The syntax is [community string]@[instance number].

For snmp v3 this is not an option, as it cant use SNMP community string indexing. So all the MAC/CAM table needs to made snmp v3 context aware, which exposes BRIDGE-MIB data to SNMP v3.

You must use contexts to get per-VLAN data from the BRIDGE-MIB with SNMPv3.Not all the IOS switches support this. In general, if the device supports the "show snmp context" command, contexts will work. If not, an upgrade is needed. However, some switches (e.g. 2950 series) will never support SNMPv3 contexts. You must use v1/v2c with these switches.

Very simply, you need to add the context to the SNMP group to allow your users to poll the given context. For example, to allow users to poll the BRIDGE-MIB for context vlan-6, you would add something like:

snmp-server group v3group v3 auth context vlan-6 read

You should add all those exact name after context which you see in output of show snmp context.

Also, about UTU, it is just a small utility tool to access the LMS User Tracking DB externally to show the UT data, so unless LMS has UT data in its DB, UTU won't a difference either.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Vinod Arya
Cisco Employee
Cisco Employee

‎07-06-2014 07:28 AM

NMS servers access the Bridge-MIB data from devices, to get the MAC/CAM table. Because MAC-address or CAM table is maintained on device/VLAN basis, so query needs to be made per VLAN based.

In snmp v1/v2c SNMP Community String Indexing is used. Where vlan is polled by adding VLAN number after community string after @ sign. Example to see all the mac-address table from VLAN 1, if the community is test123, device would be polled like :

snmpwalk -v2c -c test123@1  10.10.10.1

The syntax is [community string]@[instance number].

For snmp v3 this is not an option, as it cant use SNMP community string indexing. So all the MAC/CAM table needs to made snmp v3 context aware, which exposes BRIDGE-MIB data to SNMP v3.

You must use contexts to get per-VLAN data from the BRIDGE-MIB with SNMPv3.Not all the IOS switches support this. In general, if the device supports the "show snmp context" command, contexts will work. If not, an upgrade is needed. However, some switches (e.g. 2950 series) will never support SNMPv3 contexts. You must use v1/v2c with these switches.

Very simply, you need to add the context to the SNMP group to allow your users to poll the given context. For example, to allow users to poll the BRIDGE-MIB for context vlan-6, you would add something like:

snmp-server group v3group v3 auth context vlan-6 read

You should add all those exact name after context which you see in output of show snmp context.

Also, about UTU, it is just a small utility tool to access the LMS User Tracking DB externally to show the UT data, so unless LMS has UT data in its DB, UTU won't a difference either.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Vinod Arya

‎07-06-2014 06:47 PM

Nicely explained, Vinod.

Thanks!

Go to solution
Vinod Arya
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎07-06-2014 11:09 PM

Thanks Marvin,

Complements from CSC veterans and conributors like you make us worth spending time here on CSC. smiley

-Thanks

Vinod

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

Go to solution
hamidreza.taghipur
Level 1
Level 1
In response to Vinod Arya

‎07-06-2014 11:25 PM

thanks a lot for useful answer

,,,,

now i see switch port   mac-address and connected  pcs mac address

but i can not see  host name - ip address - subnet  in list (attach file)

 

note : i discover my device with ( arp - ping - cdp )

pic_0.zip
0 Helpful

Go to solution
hamidreza.taghipur
Level 1
Level 1

‎07-06-2014 11:00 PM

thanks a lot for useful answer

,,,,

now i see switch port   mac-address and connected  pcs mac address

but i can not see  host name - ip address - subnet  in list (attach file)

 

note : i discover my device with ( arp - ping - cdp )

 

pic.zip
0 Helpful

Go to solution
Vinod Arya
Cisco Employee
Cisco Employee
In response to hamidreza.taghipur

‎07-06-2014 11:34 PM

Not all the details are collected by the UT process. For the above mentioned details, you need additional setup.

For hostname to show up, you need UTLite. UTLite is a utility that allows you to collect user names from Primary Domain Controllers, Active Directory, and Novell servers. To do this you need to install UTLite in the Windows Primary Domain Controllers and in the Novell servers. You can also install UTLite in an Active Directory server.

UTLite sends traps to LMS whenever a user logs in or logs out. For more details please check UTLite User Guide

For IP Address to appear, the switch where MAC of the end host is showing it's DG router should also be managed on the LMS. So that the ARP-MAC-IP ADD correlation can happen properly.

This IP address which is collected is resolved with DNS query to get the host name of the end host.

User Tracking collects username and IP address through UTLite for Windows environment. In a Windows environment you can either install UTLite or configure DHCP snooping to get IP address of the end host. They can also co-exist.
If you have neither installed UTLite nor enabled DHCP snooping, the IP address of the end-host connected will be updated only in the next UT Major Acquisition cycle. The ARP cache of the device should be populated with the IP address, for UT Major Acquisition to discover it.User Tracking collects username and IP address through UTLite for Windows environment. In a Windows environment you can either install UTLite or configure DHCP snooping to get IP address of the end host. They can also co-exist.
If you have neither installed UTLite nor enabled DHCP snooping, the IP address of the end-host connected will be updated only in the next UT Major Acquisition cycle. The ARP cache of the device should be populated with the IP address, for UT Major Acquisition to discover it.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful
Customers Also Viewed These Support Documents