no mactrack results with port-security

[Perry]

I have enabled port-security on our cisco Switches.
On the Ports i enabled this feature I get now results with mactrack.
When I disable Port-security everything works fine.
Any Ideas?
I use mactrac Version 1.1

[streaker69]

[Perry]

[quote="streaker69"]
Did you add the MAC address of your Cacti box to the port that it cannot get the results from?[/quote]

The Server with mactrack is installed on a Port without Port-security.

The Problem is that I cannot get the Devices on A Switch which are pluged in in a Port with Port security. When I disable Port-Security everything works fine.
I don't understand where the problem is for the mactrack.
Which oids use the mactrack to get the informations from the Switch?

[Perry]

The ports on the switch are shown as down for mactrack with portsecurity,
When I disable the portsecurity th port is shown as up.
Some Ideas?

[Feldmann]

Did you get anywhere with this? I am just in the beginnings of installing mactrack, but I see the same thing you do with port security ports. I have PS turned on throughout the enterprise, so if I cant figure it out, mactrack will not work for me. I have a feeling that the scanner has to be customized to go after a different oid set. I can look at it over the next week or so, but didn't want to redo work if you figured something out.

Thanks.

[StfC]

Hi,

We have the same problem. When I remove port-security MACTrack works. With port-security 'User ports up' and 'Active Macs' are 0.
I configured my Cisco 3750 to use 'get_IOS_dot1dTpFdbEntry_ports' as Switch/Router.
When I manually walk OID .1.3.6.1.2.1.3.1.1.2, I get all the MAC's, and when I walk OID .1.3.6.1.2.1.2.2.1.8 I get the Up/Down Status of each interface. There is no difference between an interface with or without port-security.

In the debug mode, I get for the right vlan the client of which I turned off port-security: DEBUG: INDEX: '0' MAC ADDRESS: 00:**:**:**:**:**
The clients in the same or other vlan connected to a port with port-security are not listed.

Is there any solution for this? Or where do I have to look in the code to debug this? I already tried, but I can't find the right place where it goes wrong.

Thanks,
Stef

[homeratspringfield]

I ran into the same issue and after debugging through the code, found where it fails.
With port-security enabled, cam table records entries as static instead of dynamic. This gets filtered out by default in get_base_dot1dTpFdbEntry_ports function.
To fix it, change line 665 in lib/mactrack_functions.php from:
if (@$port_status[$key] == "3") {
to:
if (@$port_status[$key] == "3"||@$port_status[$key] == "5") {

Enjoy.

[StfC]

Thanks! It works.

Grz,
Stef