Setting up Mac Track [SOLVED]

[dpsguard]

Hi XTech,

I have just sent you PM with details.

Thanks

[dpsguard]

Hi XTech,

Thanks so much for your looking into this and helping resolve this problem. I need to leave home now for work and will look into this further late evening and get back to you.

Appreciate again,

[dpsguard]

Hello XTech,

I plugged in Mikrotik switch and DD WRT AP and as you pointed out, none of them are suitable for Mactrack as they do not support mib-2.17.4.3.1.2, hence no mac address is retrieved from them. I verified by snmpwalk on these devices IP. Cisco switches support it and hence we were able to see mac addresses returned from them (of course using your fix of not populating under device type, system description match field).

I then added a HP Procurve switch and it worked using scanner function of NG switch ports. I then added a Cisco SG300 switch. Again this worked , shows that it detected user ports and active mac addresses, but in this case, no mac addresses actually are reported.
Not sure as to what is the issue with SG series of switches. I verified that they do support Bridge-Mib as well.

I have two more questions:

1. Under all switch devices, I see user ports to be equal to total number of physical ports and then user ports up, to be one equal to total number of mac addresses learnt by switch (actual ports up in my case are 3 user ports and 1 uplink port for Cisco 2975).

2. How to mark this as solved and credit it to you .


Thanks so much,

[XTech]

Correct. But after some thougths, I assume, that system description match has no chance to interfere with OID, causing no detection of device type. More looks alike insufficent scanning processes lead to timeouts and problems with second device in list. You could try revert system description back.

1. User Ports equals Device Ports minus Device Trunk Ports, you have no trunks, so this is correct. User Ports Up equals Active MACs is not correct. Looks like a bug in mactrack scanning function for Cisco devices - confirmed in all my bunch of new Catalyst 2960-X and MacTrack 3.0. I should look into code to make a fix and post it here, when I have a spare time.

2. As far as I know - this forum has no marks, reputation, karma, and so on. And I help just because I can.

[dpsguard]

Hi XTech,

Thanks for your generous help. I look forward to the fix when you get chance.

When I plug in a Cisco small business SG300 switch which supports Bridge MIB for mac address tables, I get this.

SG-noMacs.PNG (47.2 KiB) Viewed 17015 times

SG-noMacs2.PNG (35.25 KiB) Viewed 17015 times

I am not sure why this is not repoirting mac addresses but does have 16 mac addresses learnt thru it.

Thanks again,

[XTech]

I slightly patched mactrack_cisco.php for correct number of active user ports on your cacti box. It was quick and dirty hack, so I prefer not to post it now on this forum.

SG300 works with scanning function get_generic_switch_ports, but its port numbering is very strange and trunk (if they really trunk?) ports looks as user ports with a lot of MACs, but the results are still useable. I'll try other scanning functions for this device later.

[dpsguard]

You are genious and very helping soul. God bless you and yours.

I first tried port scanner to be IOS dot1q and then generic dot1q. I did not try generic switch ports. I assumed that any managed / vlan capable switch needs to use dot1q scanner. in this situation, I am not using any trunks or vlans. I had picked up couple of switches from work to test here. But I think what you have done is worth writing in a small knowldgebase article as that is lacking in here. I assume the developers have a lot on their plate and they contribute when they have some personal time available, but anyone reading this thread, will be able to make their MacTrack work.

For SG switches, I find that they add 48 to the actual port number in the mib query response.

You mentioned earlier that your own implementations use mactrack 3.0. I had installed using CactiEZ and the version 3.0 mactrack did not work at all for me. So I uninstalled and downloaded 2.9. It could be that the 3.0 that came with CactiEZ had some integation issues.

I also had updated CentOS 6.4 that came with CactiEZ to 6.8. Resolved Intel driver issues that surfaced as a result, then installed Chrome and changed http / ssl ports to non standard, added firewall etc. Maybe that also caused some issues. I wanted to make this remote box usable to me to provide support to a very small business (I will $100 a month from them to monitor their network for up / down alerts and then login and help them remotely. I threw in a used / available supermicro server in theg hope to learn something new and you have been tremendous support).

[dpsguard]

sent you PM a while ago, somehow still shows up in outbox, but marked as sent. Can you confirm if you received that message?

Thanks

[XTech]

sent you PM a while ago, somehow still shows up in outbox, but marked as sent. Can you confirm if you received that message?

Thanks

PM received. I'll answer later.

[XTech]

Hello again.

Port scanner for dot1q assumes that device vendor strictly conforms with corresponding RFC, alas, most of vendors did not populate dot1qTpFdbAddress array, which used in this scanner. The dot1qTpFdbPort array may be used instead, but there are no Mactrack scanner for this. However, in mactrack source code I find a service function, which works with this array. So, as I myself interested with dot1q information from my switches, I'll take a look for this later, on next week or two, trying to write alternate scanner for dot1q (because original scanner resides in main mactrack_functions.php file).

But I think what you have done is worth writing in a small knowldgebase article as that is lacking in here. I assume the developers have a lot on their plate and they contribute when they have some personal time available, but anyone reading this thread, will be able to make their MacTrack work.

Ok, I just attach patch file here, but this is Q&D fix, I'm not a PHP coder at all.

Code: Select all

--- mactrack_cisco.php.orig     2010-08-17 22:04:28.000000000 -0400
+++ mactrack_cisco.php  2016-07-26 09:57:42.223024124 -0400
@@ -414,7 +414,7 @@
                $i = 0;
                $j = 0;
                $port_array = array();
-
+               $simple_arr = array();
                mactrack_debug("Final cross check's now being performed.");
                if (sizeof($active_vlans)) {
                foreach($active_vlans as $active_vlan) {
@@ -443,6 +443,7 @@
                                                $port_array[$i]["port_number"] = $portNumber;
                                                $port_array[$i]["port_name"]   = $portName;
                                                $port_array[$i]["mac_address"] = xform_mac_address($port_result["mac_address"]);
+                                               $simple_arr[$i] = $portNumber;
                                                $device["ports_active"]++;
                                                $i++;

@@ -459,7 +460,7 @@
                        $j++;
                }
                }
-
+               $device["ports_active"] = sizeof(array_count_values($simple_arr));
                /* display completion message */
                print("\nINFO: HOST: " . $device["hostname"] . ", TYPE: " . substr($device["snmp_sysDescr"],0,40) . ", TOTAL PORTS: " . $device["ports_total"] . ", ACTIVE PORTS: " . $device["ports_active"] . "\n");
                $device["last_runmessage"] = "Data collection completed ok";

The 48 offset for port numbers looks strange. Port name or port description should be used instead, but generic scanner didn't return it for SG.

I'm not pretty sure about used mactrack version. Yes, it reports in plugin's list that it is version 3.0, but since I've used one of SVN versions - it may be something between 2.9 and 3.0. Now I prefer not upgrade working server to SVN version, may be it will be upgraded when Cacti 1.0 comes out. In version 3.0 scanner scripts looks unchanged, so upgrading applies to web interface mostly.

[dpsguard]

Thanks XTech.

I am assuming a stack of switches will work fine with MacTrack. I do have a small customer that have two SG500 switches in a stack. I had set up their network for some redundancy. Two ISPs, on each on two Ubiquity edge routers, VRRP between them and then each of router connected to different SG switch. And downstream from switch stack, a server, teamed NICs attached to again to different switches.

Also with a single IP on the Switch stack, not sure how can I get alert if one of the switch goes down.

[XTech]

Yes, it will be work fine with switch stack. But if you want a switch-in-stack down alert you should use Thold (zero traffic or down on stack interface) or Syslog based (message about stack member down) alert.

Details via PM/Mail, please, because in my opinion, we go to offtopic.

[dpsguard]

Thanks and let us mark this as solved. Appreciate all your help and more.

[JMH]

Hi. Is it possible to use this for docsis devices?

Right now we're using this for our cable plant, and using static ip's. Because we're using static IP's, our DHCP system is using static IP's.

Its a nightmare.

We're in the process of rolling out a new dhcp system and I want to take the static system off at the knees.

[XTech]

Hi!

Hi. Is it possible to use this for docsis devices?

I have no experience with DOCSIS equipment, but if end devices have mac addresses and operator devices support SNMP and BRIDGE-MIB, why not?