Bad value of mactrack/Devices/UserPortsUP ?

[ArturasJudickas]

MAC address scanning function is set to 'get_IOS_dot1dTpFdbEntry_ports'. After Mac Track reads Cisco device, it detects mactrack/Devices/UserPorts quantity and mactrack/Devices/ActiveMacs quantity properly. However in the mactrack/Devices/UserPortsUP we can see value, which is't equal to the actual quantity of switch ports. This value is the same like mactrack/Devices/ActiveMacs value. What is the meaning of this value? Or it is a bug?

[jdcoats]

If you have a 48 port switch you could show 48 ports but only 20 of those ports are up/up same goes for macs, on some ports you may have 2 or more macs. Not sure I understand the question, but the data looks correct to me.

[ArturasJudickas]

I have 26 port switch Cisco C2960. Switch detects these values:

1. mactrack/Devices/UserPorts - 26
2. mactrack/Devices/UserPortsUP - 69 <------??????
3. mactrack/Devices/ActiveMacs - 69
4. mactrack/Devices/TrunkPorts - 1 And etc.

[jdcoats]

Okay, so that indicates that there are 26 physical ports that are up/up and on those 26 ports there are 69 devices connected. Not far fetched from my environment. Do any of the ports have multiple devices connected? There are many ways to filter the details among different tabs in mactrack (mac address and Interfaces). I do not see an issue yet. If you could provide screenshots of what you think may be a bug that may be helpful.

[ArturasJudickas]

Real connected: 11 ports (mactrack/Devices/UserPortsUP ???? ) Shouldn't it show mactrack/Devices/UserPortsUP ?

SWITCH_R94#sho int status

Port Name Status Vlan Duplex Speed Type Fa0/1 R94_C5 disabled 502 auto auto 10/100BaseTX Fa0/2 R94_HR connected 502 a-full a-100 10/100BaseTX Fa0/3 OMNI_2 notconnect 502 auto auto 10/100BaseTX Fa0/4 R94_HC1 connected 502 a-full a-100 10/100BaseTX Fa0/5 R94_RC connected 502 a-full a-100 10/100BaseTX Fa0/6 R94_HC notconnect 502 auto auto 10/100BaseTX Fa0/7 notconnect 502 auto auto 10/100BaseTX Fa0/8 R94_HM connected 502 a-full a-100 10/100BaseTX Fa0/9 notconnect 502 auto auto 10/100BaseTX Fa0/10 R94_HK notconnect 502 auto auto 10/100BaseTX Fa0/11 notconnect 502 auto auto 10/100BaseTX Fa0/12 R94_S5 connected 502 a-full a-100 10/100BaseTX Fa0/13 notconnect 502 auto auto 10/100BaseTX Fa0/14 R94_EZ connected 502 a-full a-100 10/100BaseTX Fa0/15 notconnect 502 auto auto 10/100BaseTX Fa0/16 R94_PAG connected 502 a-full a-100 10/100BaseTX Fa0/17 notconnect 1 auto auto 10/100BaseTX Fa0/18 R94_RCK connected 502 a-full a-100 10/100BaseTX Fa0/19 notconnect 1 auto auto 10/100BaseTX Fa0/20 R94_RC1 connected 502 a-full a-100 10/100BaseTX Fa0/21 notconnect 1 auto auto 10/100BaseTX Fa0/22 notconnect 1 auto auto 10/100BaseTX Fa0/23 R94 UPS connected 1 a-full a-100 10/100BaseTX Fa0/24 OPTIKA R94->J48 connected trunk a-full a-100 10/100BaseTX Gi0/1 notconnect 1 auto auto 10/100/1000BaseTX Gi0/2 notconnect 1 auto auto 10/100/1000BaseTX

[ArturasJudickas]

[TheWitness]

Well, there is the trunk ports, that may not be detected correctly. I had put a setting on the device to 'skip' trunk ports. You will have to specify them though (the trunk ports).

[TheWitness]

One thing to do, and I guess it would be nice to have a "Device" view that shows how many mac's per port on a device, and be able to click 'auto-ignore' when you find a port that is a trunk port, and be able to dig into where you find a access port with multiple macs (like when someone has a switch under their cubicle serving up their multiple devices).

[jdcoats]

I use this Vlan|Loopback|Null|Stack|port-chan

[ArturasJudickas]

Let's examine my screenshot again. First and third row use 'get_IOS_dot1dTpFdbEntry_ports' MAC address scanning function. Second row use 'get_generic_dot1q_switch_ports' MAC address scanning function, and 'User Ports Up' value here is realistic.

'User Ports Up' value in the first ant third line are looking false, and somewhy are the same, as Active MAC's value. In reality, when I connect to the device listed in the third line, I can see 11 Ports Up, not 69.

I did make some corrections in the code, and it returns proper value of 'User Ports Up' while using 'get_IOS_dot1dTpFdbEntry_ports'. Look at the attached picture. I can do a Pull request for this part of code. I just want to notice that these fixes may impact other features of the program. If this fix is correct, I can finish making full corrections to the rest of the program code.

[jdcoats]

looks to me like P4 is a router/L3 Switch so it would probably be accurate if you are not ignoring vlans, port channels etc. am I correct?

[ArturasJudickas]

This script 'get_IOS_dot1dTpFdbEntry_ports' properly collects all required data from the switch, i.e. User Ports, Trunk Ports, Active MAC's, Total VLAN', etc.

Everything "under the hood" is OK, except of the value of the field "User Ports Up".

In my opinion, the field "User Ports Up" must show quantity of physical switch ports with status "Up" (connected).

[jdcoats]

If you go to mac address tab and filter for the switch in question and also filter for the most current run. The number of macs should be equal to the number of ports up on a L2 switch. This is user ports.

[jdcoats]

so, I cant figure out why the number of IP's shown on mine would only be 9 when there are 13 and maybe I am starting to understand your question more clearly. User ports is more end devices than it is "physical ports" up in this case. If this changes then I will need to explain the dramatic changes in my reporting 👍

[ArturasJudickas]

End devices match MAC address quantities, valued 'Active MACs' and correct. In my opinion, to count 'UserPortsUp' value in accordance with MAC isn't correct. In my given before example, one physical device is connected to every physical port, i.e. AP has got one or more acesse devices. The second line of my earlier sent screenshot 'get_generic_dot1q_switch_ports' counts factual active physical ports of the device and that corresponds to reality. Opening the program code, I see that these types of devices "generic", "dell", "dlink", "3com", "linux", "tplink", "trendnet", "cabletron" work properly. However, for the rest of devices like Cisco, etc., appr. 50% of device types are OK while others are false. As I mentioned before, I can and wish to do amendments of the code and send you a "pool request". If you are sure that value of ''UserPortsUP'' Cisco type of device is proper, then it's necessary to fix "generic", "dell", "dlink", "3com", "linux", "tplink", "trendnet", "cabletron" since they're counted differently. Just let me know should I take care of it or not.