cisco 2900xl - SNMP - Get mac address of device connected to an interface

cisco switch snmp oid
6,693

Solution 1

I'm not sure if it's supported on 2900/IOS 12.0 but you can try to broswe dot1dTpFdbPort (.1.3.6.1.2.1.17.4.3.1.2) You need to use a special community string including the vlan for which you want to get the mac address table: community@vlan_number So if your switch is 1.2.3.4, use community snmpro and have vlan 30, try this:

snmpwalk -v2c -c snmpro@30 1.2.3.4 1.3.6.1.2.1.17.4.3.1.2

Solution 2

Radius, thanks for pointing me in the right direction. googled up a bit based on your sugestions and i think i have it now.

To anyone else who might need it, this is the procedure ....

1. get the mac address detected on a vlan (1 in this example)

snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.4.3.1.1
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.0 = Hex-STRING: 00 01 42 D0 67 00
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.1 = Hex-STRING: 00 01 42 D0 67 01
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.2 = Hex-STRING: 00 01 42 D0 67 02
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.3 = Hex-STRING: 00 01 42 D0 67 03
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.4 = Hex-STRING: 00 01 42 D0 67 04
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.5 = Hex-STRING: 00 01 42 D0 67 05
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.6 = Hex-STRING: 00 01 42 D0 67 06
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.7 = Hex-STRING: 00 01 42 D0 67 07
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.8 = Hex-STRING: 00 01 42 D0 67 08
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.9 = Hex-STRING: 00 01 42 D0 67 09
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.10 = Hex-STRING: 00 01 42 D0 67 0A
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.11 = Hex-STRING: 00 01 42 D0 67 0B
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.12 = Hex-STRING: 00 01 42 D0 67 0C
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.30.236.196.143.130 = Hex-STRING: 00 1E EC C4 8F 82
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.80.191.232.146.174 = Hex-STRING: 00 50 BF E8 92 AE


    2. get the bridge port number for each vlan

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.4.3.1.2
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.0 = INTEGER: 31
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.1 = INTEGER: 13
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.2 = INTEGER: 14
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.3 = INTEGER: 15
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.4 = INTEGER: 16
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.5 = INTEGER: 17
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.6 = INTEGER: 18
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.7 = INTEGER: 19
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.8 = INTEGER: 20
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.9 = INTEGER: 22
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.10 = INTEGER: 23
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.11 = INTEGER: 24
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.12 = INTEGER: 25
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.30.236.196.143.130 = INTEGER: 15
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.80.191.232.146.174 = INTEGER: 13
    SNMPv2-SMI::mib-2.17.4.3.1.2.255.255.255.255.255.255 = INTEGER: 0

3. get bridge port number to ifindex mapping

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.1.4.1.2

    SNMPv2-SMI::mib-2.17.1.4.1.2.13 = INTEGER: 2
    SNMPv2-SMI::mib-2.17.1.4.1.2.14 = INTEGER: 3
    SNMPv2-SMI::mib-2.17.1.4.1.2.15 = INTEGER: 4
    SNMPv2-SMI::mib-2.17.1.4.1.2.16 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.1.4.1.2.17 = INTEGER: 6
    SNMPv2-SMI::mib-2.17.1.4.1.2.18 = INTEGER: 7
    SNMPv2-SMI::mib-2.17.1.4.1.2.19 = INTEGER: 8
    SNMPv2-SMI::mib-2.17.1.4.1.2.20 = INTEGER: 9
    SNMPv2-SMI::mib-2.17.1.4.1.2.22 = INTEGER: 10
    SNMPv2-SMI::mib-2.17.1.4.1.2.23 = INTEGER: 11
    SNMPv2-SMI::mib-2.17.1.4.1.2.24 = INTEGER: 12
    SNMPv2-SMI::mib-2.17.1.4.1.2.25 = INTEGER: 13

4. get the ifname

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.31.1.1.1.1

    IF-MIB::ifName.1 = STRING: VL1
    IF-MIB::ifName.2 = STRING: Fa0/1
    IF-MIB::ifName.3 = STRING: Fa0/2
    IF-MIB::ifName.4 = STRING: Fa0/3
    IF-MIB::ifName.5 = STRING: Fa0/4
    IF-MIB::ifName.6 = STRING: Fa0/5
    IF-MIB::ifName.7 = STRING: Fa0/6
    IF-MIB::ifName.8 = STRING: Fa0/7
    IF-MIB::ifName.9 = STRING: Fa0/8
    IF-MIB::ifName.10 = STRING: Fa0/9
    IF-MIB::ifName.11 = STRING: Fa0/10
    IF-MIB::ifName.12 = STRING: Fa0/11
    IF-MIB::ifName.13 = STRING: Fa0/12
    IF-MIB::ifName.14 = STRING: Nu0

so in this case the 2 mac addresses on vlan 1 are on interfaces Fa0/1 and Fa0/3

Share:
6,693

Related videos on Youtube

ankit
Author by

ankit

Updated on September 17, 2022

Comments

  • ankit
    ankit over 1 year

    Basically what i want to do is to find out what is the mac address of a device plugged in to an interface on the switch (FastEthernet0/1 for example)

    reading through the switch documentaion i found out that i can configure snmp trap on it to make it notify of any new mac address the switch detects by using the command

    snmp-server enable traps mac-notifiction

    but for some reason my switch does not support this feature. the only options i see are

    CORE_SWITCH(config)#snmp-server enable traps ?
  c2900            Enable SNMP c2900 traps
  cluster          Enable Cluster traps
  config           Enable SNMP config traps
  entity           Enable SNMP entity traps
  hsrp             Enable SNMP HSRP traps
  snmp             Enable SNMP traps
  vlan-membership  Enable VLAN Membership traps
  vtp              Enable SNMP VTP traps
  <cr>

    so the other way would be for me to run a cronjon on my gateway to poll the switch periodically using snmp to get new mac addresses

    i have looked everywhere but cant seem to find the OID that would provide me this information.

    any help i can get would me very much appreciated !

    here's the output from "show version" on my switch

    Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.4)WC(1), MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Tue 10-Jul-01 11:52 by devgoyal
Image text-base: 0x00003000, data-base: 0x00333CD8

ROM: Bootstrap program is C2900XL boot loader

CORE_SWITCH uptime is 1 hour, 24 minutes
System returned to ROM by power-on
System image file is "flash:c2900XL-c3h2s-mz.120-5.4.WC.1.bin"


cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAB0409X1WS, with hardware revision 0x01
Last reset from power-on

Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
12 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:01:42:D0:67:00
Motherboard assembly number: 73-3397-08
Power supply part number: 34-0834-01
Motherboard serial number: FAB040843G4
Power supply serial number: DAB05030HR8
Model revision number: A0
Motherboard revision number: C0
Model number: WS-C2912-XL-EN
System serial number: FAB0409X1WS
Configuration register is 0xF

    thanks, -ankit

  • ankit
    ankit over 13 years
    ok did some googling . its actually community_string@vlan. using that and the OID 1.3.6.1.2.1.17.4.3.1.1 i get ... SNMPv2-SMI::mib-2.17.4.3.1.1.0.30.236.196.143.130 = Hex-STRING: 00 1E EC C4 8F 82 along with other MAC addresses. Question is how do I correlate them with what interface / port they are being detected on ?
  • radius
    radius over 13 years
    I think you answered yourself ;)
  • radius
    radius over 13 years
    Note that if you do some kind of script you probably don't need 1.3.6.1.2.1.17.4.3.1.1 as mac address is already in decimal in 1.3.6.1.2.1.17.4.3.1.2 OID's. (you can easily convert them). These OID's also work for IOS 12.1 but for IOS 12.2 you might also need 1.3.6.1.4.1.9.5.1.4.1.1.11 to map port id with port name
  • ankit
    ankit over 13 years
    yep .. figured that when i started coding !
  • johndodo
    johndodo over 11 years
    @radius: that is only mostly true. On Extreme switch I have at hand some MACs are written as 5 digit entities (which is wrong). So you still need to use 1.3.6.1.2.1.17.4.3.1.1 to be on the safe side.
  • radius
    radius about 11 years
    @johndodo: question was about cisco device. Sure that for other vendors it might not work in the same way

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SNMP OID: How to find the firmware version of a cisco switch from MIB
Possible to configure Cisco switch (IOS) via SNMP?
cisco: get mac address from cdp neighbors
snmp OID not increasing
What is the difference between SNMP GETBULK and GET operations
Can a Cisco SG300 Layer 3 Switch act as a NAT router?
how to take backup of the MDS 9000 series switch configuration
Windows Server 2003 SNMP Disk I/O OID's
How to disable multicast on a single port
Unable to add allowed VLANs to trunk and port not trunking