3 Replies Latest reply on May 18, 2015 8:12 AM by sathya4046

    MAC address history

    thatguy

      Newbie here, new to IPAM.  We are a medium sized organization looking into something more than a spreadsheet as a IPAM solution.

       

      Is it possible to search on a MAC address to display a chronological log of all ip addresses that were leased, expired, etc by this particular MAC address?  This is useful for troubleshooting should a device be moved or the port be reconfigured, and this allows tracking the lifecycle of a device (rather than an ip address).

       

      Thanks

        • Re: MAC address history
          Craig Norborg

          Ok, I thought it could, but I just definitely confirmed it for you.

           

          By default it doesn't search on MAC addresses, but there is a down arrow in the search box that if you click on it gives you the option of what fields to search on. 

           

          I was able to confirm that it does this by going into the database and looking up where it stores the historical IP info and doing a count on the EndpointID to find multiple occurrences of the same MAC Address, picked one that had a lot, figured out what MAC it was and do a search on that.   Have a few months history on it over different IP's and such.  One note, in the DB the MAC address is stored as just letters/numbers, no dashes or anything.  When searching I had to do it in 58-94-6B-32-66-F0, so it is a bit picky on search format.

           

          That being said, don't be surprised if you get duplicate MAC addresses in your organization.  It's not common, but it is definitely possible. 

           

          I got a kick out of watching a show last night, I believe "The Followers", where they wanted to find where a particular laptop was and they brought up that they have the BIA of the laptop.  I think they referred to is as the "Built-In Address" rather than the more commonly known "Burned-In Address" that I'm sure most of us refer to it as.   They were hoping to find this super-hacker would could do all kinds of magic real-time and they were acting like this BIA was easily trackable and unique to each system and that you could track it down like a cell phone.   If the guy was as good a hacker as he was made out to be, changing the BIA is quite simple and I'm sure he would have done it.  Not to mention that the BIA is a L2 concept and not readily searchable on a worldwide basis either.   But, I'm sure there is all kinds of non-networking folks all paranoid about their BIA's being traceable now as a result of that show!!   :-)

            • Re: MAC address history
              thatguy

              Thanks Craig, very good to know this product has the capability.  I will give the trial version a try now, but it's incredibly helpful to have someone with historical data confirm this.

               

              I didn't understand the database pieces you mention, I assume you connected directly to it to interrogate the tables.  Just to confirm, you didn't have to do anything special other than search the BIA in a format with dashes, correct?

               

              Thanks again!