Yash,
Getting closer, but that just returns the vlan assignment on ports, which for our environment are mostly vlan 1. The traffic coming in on those ports is painted with the vlan based on the role the MAC is set into, and that's what we need to see.
here's the output of the first 23 ports from the snmpwalk:
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.1 = Gauge32: 64
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.2 = Gauge32: 70
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.3 = Gauge32: 64
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.4 = Gauge32: 69
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.5 = Gauge32: 65
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.6 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.7 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.8 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.9 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.10 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.11 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.12 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.13 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.14 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.15 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.16 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.17 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.18 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.19 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.20 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.21 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.22 = Gauge32: 1
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.23 = Gauge32: 1
Here's the output of a show int status for the same ports:
1/A1 RM104 UPS1 Down Auto 1000FDx 100/1000T No 64
1/A2 Siemens... Up Auto 100FDx 100/1000T No 70
1/A3 CGL Panel Up Auto 100FDx 100/1000T No 64
1/A4 Facilit... Down Auto 1000FDx 100/1000T No 69
1/A5 Dispatc... Up Auto 100FDx 100/1000T No 65
1/A6 Down Auto 1000FDx 100/1000T No 1
1/A7 Down Auto 1000FDx 100/1000T No 1
1/A8 Up Auto 1000FDx 100/1000T No 65
1/A9 Down Auto 1000FDx 100/1000T No 1
1/A10 Down Auto 1000FDx 100/1000T No 1
1/A11 Up Auto 1000FDx 100/1000T No 65
1/A12 Down Auto 1000FDx 100/1000T No 1
1/A13 Up Auto 1000FDx 100/1000T No 11
1/A14 Up Auto 100FDx 100/1000T No multi
1/A15 Up Auto 100FDx 100/1000T No 65
1/A16 Down Auto 1000FDx 100/1000T No 1
1/A17 Down Auto 1000FDx 100/1000T No 1
1/A18 Up Auto 1000FDx 100/1000T No multi
1/A19 Up Auto 100FDx 100/1000T No multi
1/A20 Up Auto 1000FDx 100/1000T No 11
1/A21 Down No 1
1/A22 Down No 1
1/A23 Up Auto 10GigFD 10GbE-GEN No No
Using port A8 as an example, the snmpwalk reports vlan 1:
BRIDGE-MIB::dot1dBridge.7.1.4.5.1.1.8 = Gauge32: 1
But the show int statu shows vlan 65:
1/A8 Up Auto 1000FDx 100/1000T No 65
In this case, there is just a phone on the port, which has its traffic painted into vlan 65, our voice vlan:
Feldberg-edge# sho mac-add 1/A8
Status and Counters - Port Address Table - 1/A8
MAC Address VLANs
----------------- ------------
2c0be9-04fbc7 65
interface 1/A8
untagged vlan 1
aaa port-access mac-based
aaa port-access mac-based addr-limit 10
loop-protect
exit
Here's the port-access piece:
Feldberg-edge# sho port-acc cli 1/A8
Port Access Client Status
Port Client Name MAC Address IP Address User Role Type VLAN
----- ------------- ----------------- --------------- ----------------- ----- -------------------------------------------------------
1/A8 noc 2c0be9-04fbc7 n/a CISCO-PHONE-RO... MAC 65
We need a method of getting a list of physical ports that have any device behind them that is being tagged into vlan 65 as above.
Here's the list of all the ports in that first group of 23 that have phones talking on them:
Feldberg-edge# sho port-acc cli | incl CISCO-PHONE
1/A8 noc 2c0be9-04fbc7 n/a CISCO-PHONE-RO... MAC 65
1/A11 noc@brande... cc70ed-562d6d n/a CISCO-PHONE-RO... MAC 65
1/A14 noc@brande... c0626b-d2f242 n/a CISCO-PHONE-RO... MAC 65
1/A15 noc@brande... cc70ed-57d955 n/a CISCO-PHONE-RO... MAC 65
1/A18 fc:fb:fb:c... fcfbfb-cbc6d3 n/a CISCO-PHONE-RO... MAC 65
1/A19 noc@brande... c0626b-d2f347 n/a CISCO-PHONE-RO... MAC 65
Ports 18 and 19 show their VLAN as "multi" in the show interface output, as they have multiple devices attached, each in their own VLAN per the port-access client role mapping.
Mike