Index
- Overview
- MAC-IP Reports
- MAC-IP Dashboard
- MAC-IP Settings
- Retrieving Data from SNMPv3 Devices
- MAC API Endpoints
Overview
Statseeker collects and stores MAC-IP relationship data for your network. This data includes the device and interface the MAC was connected to, the VLAN it appeared on, and the ARP table the information was retrieved from. Together, this information enables you to uniquely identify transient infrastructure as it appears on your network and track the movement of mobile hardware within your network.
Statseeker v5.6.1 featured a reworking of Statseeker’s MAC-IP module resulting in:
- Updated dashboard
- New MAC-IP reports
- Additional tunable MAC-IP settings providing greater control over MAC-IP data retention
- New MAC record API endpoints
MAC-IP Reports
As of Statseeker v5.6.1, there are two new default MAC-IP data reports available, the MAC-IP and MAC-IP Networks Locations reports. These reports are located in the General section of the report list.
General: MAC-IP Report
The MAC-IP report presents the MAC-IP records for devices seen on your network. The report offers drilldowns to the MAC-IP Network Locations report (filtered by MAC, IP, VLAN, or Vendor), Summary Reports > Device Viewer (filtered to the MAC Device or Seen Device), and the Interface Statistics report ( filtered to the MAC Interface or Seen Interface).
- Selecting a MAC or IP will launch the MAC-IP Network Locations report filtered by the selection, presenting records of where and when the associated MAC\IP has been seen on the network
- Selecting a Date will launch the MAC-IP Network Locations report, filtered by that MAC and date
General: MAC-IP Network Locations Report
The MAC-IP Network Locations report can be used to track where a MAC has been seen on your network. The report offers drilldowns to the MAC-IP Network Locations report (filtered by MAC, IP, VLAN, or Vendor), Summary Reports > Device Viewer (filtered to the MAC Device, Seen Device, or ARP Device), and the Interface Statistics report ( filtered to the MAC Interface or Seen Interface).
MAC-IP Dashboard
Statseeker’s default MAC-IP dashboard provides an overview of the network’s MAC-IP configuration with breakdowns by VLAN, device, interface, and ARP Router. The dashboard offers drilldowns to the Device Overview for both the ARP Router and the device associated with the MAC, the Interface Overview, and MAC-IP tables filtered by MAC or IP address.
The default dashboard can be customized as needed (see Working with Dashboards for details) and new dashboard content can be produced by referencing the MAC-IP associated Objects in your dashboard panel configurations:
- MAC-IP > MAC Records – details of MACs (including dates of first encounter and last seen) seen on your network
- MAC-IP > MAC-IP Records – records of where MACs have been seen on your network within a defined date range
For instructions and examples surrounding every aspect of developing dashboard content, refer to the Dashboards specific documentation and videos.
MAC-IP Settings
There are range of MAC-IP related settings available in the Admin Tool.
Data Retention Settings:
- Select Admin Tool > Network Discovery – Advanced Options > Advanced Options
- Scroll to the bottom and click File Edit Mode
- nim_calc_mis on (default) enables the collection MAC-IP data, off disables this collection
- nim_calc_mis_agetime number of seconds to store MAC records, default value is 7-days (604800 seconds)
Statseeker also provides the option to purge all existing MAC-IP records, following this Statseeker will begin to repopulate the MAC-IP tables from fresh data. This option can be accessed by:
- Selecting Admin Tool > Statseeker Administration > Services
- Click Edit (top-right)
- Locate the MAC-IP Reset option and click Run
- Read the Warning notice presented and confirm the action to proceed
Retrieving Data from SNMPv3 Devices
Statseeker will manage MAC/IP data collection from devices via SNMPv2 seamlessly but when accessing VLAN data from the BRIDGE MIB via SNMPv3, each VLAN needs to be assigned to an SNMPv3 context. This configuration is made on the device itself and must be applied to every VLAN that you want Statseeker to monitor for MAC/IP records.
To determine if your switch supports contexts, and to identify the VLAN’s available on the device, use the following command on the device CLI:
enableshow snmp context
If the output returns a list of VLANs, then Statseeker will be able to retrieve MAC/IP data via SNMPv3 once the VLANs have been configured to do return this data.
Configuring a Single VLAN
For each VLAN to be monitored on a device, apply the following configuration via the CLI:
- snmp-server group <GROUP_NAME> v3 priv context vlan-<VLAN_ID>
- Example:
enable config term snmp-server group MyGroup v3 priv context vlan-4 snmp-server group MyGroup v3 priv context vlan-5 snmp-server group MyGroup v3 priv context vlan-12
Configuring Multiple VLANs
This method works for recent OS versions (does not work on devices running IOS v12.4(20)T or earlier) and will apply the setting to all VLANs on the device.
To configure all VLANs on a device, apply the following configuration via the CLI:
- snmp-server group <GROUP_NAME> v3 auth context vlan- match prefix
- Example:
enable config term snmp-server group MyGroup v3 auth context vlan- match prefix
MAC API Endpoints
API v2.1 r12 contained a reworking of the MAC related endpoints, deprecating the cdt_mis endpoint from earlier versions and replacing it with the mac and mis_record resource-level endpoints.
MAC Records (mac)
MAC Address Information.
| Field ID | Field Title | Type | Get, Add, Update | Description |
| deviceid | Device ID | integer | G, A, U | The Device the MAC address belongs to (if known) |
| firstseen | First Seen | time | G, A, U | The first time the MAC-IP data collector saw this MAC address |
| id | ID | integer | G, U | MAC Identifier |
| lastmisrec | Last MAC-IP Record | time | G, A, U | The last time the MAC-IP data collector added a record for this MAC address |
| lastseen | Last Seen | time | G, A, U | The last time the MAC-IP data collector saw this MAC address |
| name | MAC | string | G, A (required), U | The MAC address represented as a string |
| oui | Vendor | string | G, A, U | The Vendor associated to the MAC address |
| portid | Interface ID | integer | G, A, U | The port on the device the MAC address belongs to (if known) |
Links
| Link | Description | Link Target |
| deviceLink | Link to Device | cdt_device |
| portLink | Link to Interface | cdt_port |
MAC-IP Records (mis_record)
Individual MAC-IP records representing a network location where the MAC address was seen.
| Field ID | Field Title | Type | Get, Add, Update | Description |
| arp_router | ARP Device | integer | G, A | The device whose ARP cache the MAC address was retrieved from |
| connected_device | Connected Device | integer | G, A | Device ID of the device where the MAC address was seen |
| connected_port | Connected Interface | integer | G, A | Interface ID of the port where the MAC address was seen |
| id | ID | integer | G | Record Identifier |
| ip | IP Address | string | G, A | The IP Address of the MAC Device |
| name | MAC | string | G, A (required) | MAC Address |
| time | Time | time | G, A (required) | The time when the MAC-IP record was inserted |
| vlan_id | VLAN Id | integer | G, A | VLAN ID on the port where the MAC address was seen |
| vlan_name | VLAN Name | string | G, A | VLAN Name on the port where the MAC address was seen |
Links
| Link | Description | Link Target |
| arpLink | Link to ARP Device | cdt_device |
| deviceLink | Link to Device | cdt_device |
| macLink | Link to MAC | mac |
| portLink | Link to Interface | cdt_port |