Report or FlexView to find ports with more than 3 MAC addresses

  • 0
  • 2
  • Question
  • Updated 2 weeks ago
  • Answered
Hello everybody

I'm searching for all switchports with more than 3 MAC addresses. The goal is to find unmanaged switches in my network. I tried to do it with a FlexView, but I couldn't find a matching MIB. Does anybody solved this problem already?

Thank you very much. Yves
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb

Posted 2 weeks ago

  • 0
  • 2
Photo of Pascal Lurquin

Pascal Lurquin

  • 970 Points 500 badge 2x thumb
Good question !
Because I'm using some export with the CLI "show fdb ..." then using it with Excel sheet then sorting ... analyze ...
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb
Exactly, I'm doing it in the same way. There is also a methode with MAC-Locking (logging only), but I'm more interested in a FlexView or so...
Photo of Kurt Semba

Kurt Semba, Employee

  • 1,174 Points 1k badge 2x thumb
Do you have NAC rolled out?
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb
Hi Kurt, yes I have.
Photo of Kurt Semba

Kurt Semba, Employee

  • 1,174 Points 1k badge 2x thumb
Well, then you could create a custom report for XMC that implements an SQL query against the NAC end-system database. That query could select all unique switchport names (would need to combine the switch IP with the port name) and then count the occurances. That should give you the number of end-systems seen per port. Then filter for those which have a count larger than 3. 

Haven't tried to solve this specific use case but with SQL it should be doable.

But this requires some knowledge of the DB and the XML report. 

Unfortunately, not as easy as a FlexView...
Photo of Yves Haslimann

Yves Haslimann

  • 828 Points 500 badge 2x thumb
Thank you for your answer. Since my SQL skills are limited, I will probably go the conventional way. ;-). But if I find time, I'll check this. Thanks.