1) Can someone show me where I can find now the UserTrackingUtility : CiscoWorksUserTrackingUtility2.0.exe on the Download Section ? I cannot find it anymore.
2) I have a strange problem with UserTracking Report. I'm trying to find a user or anything else (IP Address, etc...) but I always receive : "No end host found."
When I do a "Detailled End Host Report", I can see that on every host connected, only MAC ADDRESS is shown. No IP ADDRESS, No HOSTNAME, nothing else.
CiscoWorks Server is in the same VLAN as Users and DC Server (AD, DNS, ...), and Switches are in another VLAN (management Switches) and these are separated by a Firewall.
Anyone have an idea ?
UTU 2.0 is locatated unter Campus Manger 5.2:
the IP addresses for end-hosts are collected by query the router, which acts as the gateway for the IP subnet. If this is a firewall or an ASA you cannot get this information as these are security devices and they will not talk to LMS and provide this information. This is one of the common issues when only MAC addresses are seen. If you have a normal router as a gateway, make sure it is properly managed by LMS (it must have a green icon on the topology map - which means it is accessible by SNMP)
Thank you for your information.
Indeed, this is a FIREWALL as default gateway, not a normal router.
So, how could I solve this issue ?
A solution could be to move LMS Server in the same VLAN as te Switches ?
Because LMS is a Management station for LAN, so doesn't need to be in the user or server vlans.
But this idea will solve correctly the User Tracking problem ?
the problem is not where LMS is located - as long it can communicate with the device through SNMP. The problem is, that Campus needs to get the ARP information from the routing device - and your firewall will not tell Campus anything...
In this scenario a solution could be to put a dummy router into the network. All clients will use this one as the gateway, so this device has all the ARP entries and Campus can talk to it but then the router forwards the traffic to the firewall to do the real routing.
LMS does not need to be in the user or server Vlan - instead, this could be seen as a security risk. The best would be if you have a seperate VLAN for management traffic for your network and put it in this one.
This solution cannot be implemented.
If we are changing all user's gateway to the dummy router, all the traffic will be routed but not filtered by the firewall anymore.
BUT, we could add a dummy router in the VLAN 5 Management (VLAN where are connected our Switches) and use this router as gateway ONLY for LMS Server. Should it be a solution or we still have the same problem ?