Wireless Access

Reply
Contributor I

SNMP OID for directly connected users on ports to S3500

We are trying to use a MIB browser to get a list of all mac addresses and associated ports on our S3500s. Has anyone be successful in getting this information? If so, what OID did you use?

 

We have tried the following OID with no success 1.3.6.1.2.1.17.4.3.1.1 (dot1dTpFdbAddress).

 

When we run "show mac-address-table" from cli on the switch; all the correct information is displayed.

 

Thanks

 

Jimmy

 

 

Jimmy Brown
Network Security Engineer
ACCP
Aruba

Re: SNMP OID for directly connected users on ports to S3500

Jimmy,

The BRIDGE MIB only includes data for MAC Addresses in VLAN 1 so if you have no MAC addresses in VLAN 1, you won't get any data. The Q-BRIDGE MIB on the otherhand is vlan aware. I just ran a quick test and the MAC address data is populated:

Q-BRIDGE-MIB::dot1qTpFdbStatus.4.0.26.30.0.150.176 = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus.4.0.26.30.18.130.128 = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus.100.0.12.41.238.246.7 = INTEGER: other(1)
Q-BRIDGE-MIB::dot1qTpFdbStatus.100.0.26.30.18.130.128 = INTEGER: learned(3)

Q-BRIDGE-MIB::dot1qTpFdbStatus.110.0.26.30.18.130.128 = INTEGER: learned(3)

The first value after "dot1qTpFdbStatus" represents the VLAN ID, the remaining values are the decimal equivalents of the MAC address. Here is the MAC address table from the switch I tested with if you want to compare:

(host) #show mac-address-table
 
Total MAC address: 5
Learnt: 4, Static: 0, Auth: 1, Phone: 0 Sticky: 0 Blacklisted: 0
 
MAC Address Table
-----------------
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  ----------------
00:1a:1e:00:96:b0    Learnt        0004  GE0/1/0
00:1a:1e:12:82:80    Learnt        0004  GE0/1/0
00:0c:29:ee:f6:07    Auth          0100  GE0/0/3
00:1a:1e:12:82:80    Learnt        0100  GE0/1/0

00:1a:1e:12:82:80    Learnt        0110  GE0/1/0

Contributor I

Re: SNMP OID for directly connected users on ports to S3500

Madani,

 

Thanks for the information. I did not know about the BRIDGE MIB and in our case we are not using VLAN 1. So, I was able to find the Q-BRIDGE-MIB in a MIB Browser and I now see the mac address list from our switch.

 

Now that I have the mac addresses where do I get the associated destination port information that is the last column in the #show mac-address-table command?

 

Jimmy

Jimmy Brown
Network Security Engineer
ACCP
Aruba

Re: SNMP OID for directly connected users on ports to S3500

Jimmy,

Sorry for the delay, I had to do a little testing and unfortunately I think we have a gap here. As I highlighted in my previous comment, you can see the MAC Address Table using the Q-BRIDGE-MIB information (better output after using some snmpwalk knobs):

 

[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 Q-BRIDGE-MIB::dot1qTpFdbTable 2>/dev/null
Q-BRIDGE-MIB::dot1qTpFdbPort[4][STRING: 00:1a:1e:00:96:b0] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[4][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[100][STRING: 00:0c:29:ee:f6:07] = INTEGER: 36
Q-BRIDGE-MIB::dot1qTpFdbPort[100][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 00:06:53:ee:a0:bc] = INTEGER: 43
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 70:81:05:3d:a8:8c] = INTEGER: 52
Q-BRIDGE-MIB::dot1qTpFdbStatus[4][STRING: 00:1a:1e:00:96:b0] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[4][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[100][STRING: 00:0c:29:ee:f6:07] = INTEGER: other(1)
Q-BRIDGE-MIB::dot1qTpFdbStatus[100][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 00:06:53:ee:a0:bc] = INTEGER: other(1)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 70:81:05:3d:a8:8c] = INTEGER: other(1)

 

Now in the above you'll see that for dot1qTpFdbPort, we have some integer values, these are not the Interface Index values but the spanning-tree protocol index values. Now here is where I've run into a bit of a problem. To see the relationship between the Interface Index and the STP index values, you should use the BRIDGE MIB's dot1dBasePortIfIndex values however since that OID only cares about the default vlan (VLAN 1), you only get an index relationship for ports that have VLAN 1 attached to them.

 

[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 BRIDGE-MIB::dot1dBasePortIfIndex 2>/dev/null
RFC1286-MIB::dot1dBasePortIfIndex[161] = INTEGER: 129

 

So in the above, I'm only seeing one of my ports since only one port in the MAC Address Table is on VLAN 1 (Access) or has VLAN 1 (Trunk) so it doesn't give me the complete picture. I need to check how other vendors handle it, I've read that some ignore the rules so to speak and populate the Index values in the BRIDGE MIB irrespective of VLAN but let me do some digging.

 

Best regards,

 

Madani

Aruba

Re: SNMP OID for directly connected users on ports to S3500

Jimmy,

I knew I was forgetting something. The BRIDGE-MIB is enabled for what is called Community String Indexing. What that means is that when you don't specify an index, you get the default bridge instance which is VLAN 1. You can specify a VLAN to focus on just ports with that VLAN or "all" to get all instances. So when I was capturing outputs in my previous post, I forgot to set the index value to "all".

 

So let's start with the Q-BRIDGE-MIB again...

 

[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 Q-BRIDGE-MIB::dot1qTpFdbTable 2>/dev/null
Q-BRIDGE-MIB::dot1qTpFdbPort[4][STRING: 00:1a:1e:00:96:b0] = INTEGER: 161        <==== Keep note of this value
Q-BRIDGE-MIB::dot1qTpFdbPort[4][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[100][STRING: 00:0c:29:ee:f6:07] = INTEGER: 36        <==== Keep note of this value
Q-BRIDGE-MIB::dot1qTpFdbPort[100][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 00:06:53:ee:a0:bc] = INTEGER: 43        <==== Keep note of this value
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 00:1a:1e:12:82:80] = INTEGER: 161
Q-BRIDGE-MIB::dot1qTpFdbPort[110][STRING: 70:81:05:3d:a8:8c] = INTEGER: 52        <==== Keep note of this value
Q-BRIDGE-MIB::dot1qTpFdbStatus[4][STRING: 00:1a:1e:00:96:b0] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[4][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[100][STRING: 00:0c:29:ee:f6:07] = INTEGER: other(1)
Q-BRIDGE-MIB::dot1qTpFdbStatus[100][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 00:06:53:ee:a0:bc] = INTEGER: other(1)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 00:1a:1e:12:82:80] = INTEGER: learned(3)
Q-BRIDGE-MIB::dot1qTpFdbStatus[110][STRING: 70:81:05:3d:a8:8c] = INTEGER: other(1)

 

Notice this time I've added "@all" after my community string so it shows me all Bridge Instances.


[root@localhost ~]# snmpwalk -v2c -c nyclab@all 10.73.4.202 -O X0 BRIDGE-MIB::dot1dBasePortIfIndex 2>/dev/null
RFC1286-MIB::dot1dBasePortIfIndex[33] = INTEGER: 1
RFC1286-MIB::dot1dBasePortIfIndex[34] = INTEGER: 2
RFC1286-MIB::dot1dBasePortIfIndex[35] = INTEGER: 3
RFC1286-MIB::dot1dBasePortIfIndex[36] = INTEGER: 4    <==== So the value from the first table (36) goes to 4
RFC1286-MIB::dot1dBasePortIfIndex[37] = INTEGER: 5
RFC1286-MIB::dot1dBasePortIfIndex[38] = INTEGER: 6
RFC1286-MIB::dot1dBasePortIfIndex[39] = INTEGER: 7
RFC1286-MIB::dot1dBasePortIfIndex[40] = INTEGER: 8
RFC1286-MIB::dot1dBasePortIfIndex[41] = INTEGER: 9
RFC1286-MIB::dot1dBasePortIfIndex[42] = INTEGER: 10
RFC1286-MIB::dot1dBasePortIfIndex[43] = INTEGER: 11    <==== So the value from the first table (43) goes to 11
RFC1286-MIB::dot1dBasePortIfIndex[44] = INTEGER: 12
RFC1286-MIB::dot1dBasePortIfIndex[45] = INTEGER: 13
RFC1286-MIB::dot1dBasePortIfIndex[46] = INTEGER: 14
RFC1286-MIB::dot1dBasePortIfIndex[47] = INTEGER: 15
RFC1286-MIB::dot1dBasePortIfIndex[48] = INTEGER: 16
RFC1286-MIB::dot1dBasePortIfIndex[49] = INTEGER: 17
RFC1286-MIB::dot1dBasePortIfIndex[50] = INTEGER: 18
RFC1286-MIB::dot1dBasePortIfIndex[51] = INTEGER: 19
RFC1286-MIB::dot1dBasePortIfIndex[52] = INTEGER: 20    <==== So the value from the first table (52) goes to 20
RFC1286-MIB::dot1dBasePortIfIndex[53] = INTEGER: 21
RFC1286-MIB::dot1dBasePortIfIndex[54] = INTEGER: 22
RFC1286-MIB::dot1dBasePortIfIndex[55] = INTEGER: 23
RFC1286-MIB::dot1dBasePortIfIndex[56] = INTEGER: 24
RFC1286-MIB::dot1dBasePortIfIndex[161] = INTEGER: 129    <==== So the value from the first table (161) goes to 129
RFC1286-MIB::dot1dBasePortIfIndex[162] = INTEGER: 130

 

Now I have the ifIndex values which I can then map to the ifDescr values....


[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 ifDescr.4 2>/dev/null
IF-MIB::ifDescr[4] = STRING: gigabitethernet0/0/3
[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 ifDescr.11 2>/dev/null
IF-MIB::ifDescr[11] = STRING: gigabitethernet0/0/10
[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 ifDescr.20 2>/dev/null
IF-MIB::ifDescr[20] = STRING: gigabitethernet0/0/19
[root@localhost ~]# snmpwalk -v2c -c nyclab 10.73.4.202 -O X0 ifDescr.129 2>/dev/null
IF-MIB::ifDescr[129] = STRING: gigabitethernet0/1/0

 

I'm now going to verify the above against the mac-address-table CLI. I should expect to have entries for 0/0/3, 0/0/10, 0/0/19 and 0/1/0 per the above...


(host) #show mac-address-table

Total MAC address: 7
Learnt: 4, Static: 0, Auth: 3, Phone: 0 Sticky: 0 Blacklisted: 0

MAC Address Table
-----------------
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  ----------------
00:1a:1e:00:96:b0    Learnt        0004  GE0/1/0
00:1a:1e:12:82:80    Learnt        0004  GE0/1/0
00:0c:29:ee:f6:07    Auth          0100  GE0/0/3
00:1a:1e:12:82:80    Learnt        0100  GE0/1/0
00:06:53:ee:a0:bc    Auth          0110  GE0/0/10
00:1a:1e:12:82:80    Learnt        0110  GE0/1/0
70:81:05:3d:a8:8c    Auth          0110  GE0/0/19

 

And I DO! I hope this helps.

 

Contributor I

Re: SNMP OID for directly connected users on ports to S3500

Madani,

 

That was perfect! Thank you! I was able to get the information from my switch with a couple different commands.

 

I am curious though about the first command being used, I am using Ubuntu to run the snmpwalk and I am not able to use the Object name in the command nor am I able to see the mac address in hex in the output. I am having to use the OID number in the command and the mac address is displayed in decimal.Then I have to convert manually the decimal to hex to find the mac address in hex notation (not fun but easy for one or two).

 

If you do not mind sharing, what are you using to run the snmpwalk to use the Objectname in the command and display the mac address?

 

Jimmy

Jimmy Brown
Network Security Engineer
ACCP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: