Getting from MAC to ifIndex using SNMP MIBs on a Cat4500

Answered Question
Jan 18th, 2008

I am trying to pull MAC -> ifIndex information from a Catalyst 4500 running cat4500-entservicesk9-mz.122-31.SGA, except that BRIDGE-MIB:dot1dTpFdbTable is not supported.


I can link MACs to ifIndex using cpsSecureMacAddressTable, but only for interfaces where port security is enabled(?), and of course atTable gives me MAC -> VLAN ifIndex, but still doesn't help me associate a MAC with a physical interface.


Does anyone have a suggestion or know an alternative?


Thanks,

Mark

Joe Clarke Fri, 01/18/2008 - 13:17
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

dot1dTpFdbTable is the way to go, and it is supported in this code. What problems do you see trying to access objects in this table? What version of SNMP are you using?

mark.doyle Fri, 01/18/2008 - 14:20

Thanks for the reply.


The switch is snmp v3. I'm using net-snmp 5.4.1 (ssl version) and Solarwinds 9.0.


I've looked at several switches using the same code, but I don't see any populated tables under dot1Bridge (1.3.6.2.1.17). I am able to pull a wide number of other tables without problems.


:/


I tried specifically pulling the dot1dTpFdbTable you suggested, but no values there either. If I walk BRIDGE-MIB I do see a few single values, like Dot1dBaseType.0 being 4 (srt).


Is it possible that these tables stop populating if port security is in use?


Mark

Correct Answer
Joe Clarke Fri, 01/18/2008 - 14:28

The problem is you are using SNMPv3, and you most likely do not have SNMPv3 contexts configured. Run the command "show snmp context". This should list out all contexts supported on the switch. For each one of these contexts, you will need to add a command:


snmp-server group mygroup v3 auth context CONTEXT


Where CONTEXT is the context name. Once you have all your contexts configured, then you can use net-snmp's snmpwalk like so:


snmpwalk -v 3 -l authNoPriv -u myuser -a MD5 -A myuserpass -n CONTEXT x.x.x.x dot1dTpFdbTable


For example:


snmpwalk -v 3 -l authNoPriv -u myuser -a MD5 -A myuserpass -n vlan-100 14.32.100.39 dot1dTpFdbTable
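
An added example, not part of the original thread: once each context can be walked, dot1dTpFdbPort returns a bridge port number rather than an ifIndex, and the standard BRIDGE-MIB column dot1dBasePortIfIndex from the same context converts it. The script assumes both columns were collected per context with numeric OIDs (snmpwalk -On); the sample output and the function names are constructed for illustration.

```python
import re

# BRIDGE-MIB column OIDs in numeric form, as printed by `snmpwalk -On`.
FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"           # dot1dTpFdbPort, indexed by MAC
BASE_PORT_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2"  # dot1dBasePortIfIndex, indexed by bridge port
ROW = re.compile(r"^(\.[\d.]+) = INTEGER: (\d+)$")

def parse_walk(text):
    """Return {numeric_oid: int} for every INTEGER row of a walk."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m.group(1)] = int(m.group(2))
    return rows

def mac_to_ifindex(walks_by_context):
    """Map (context, MAC) -> ifIndex, or None when the bridge port is unresolved."""
    table = {}
    for context, text in walks_by_context.items():
        rows = parse_walk(text)
        port_to_if = {int(oid.rsplit(".", 1)[1]): val for oid, val in rows.items()
                      if oid.startswith(BASE_PORT_IFINDEX + ".")}
        for oid, bridge_port in rows.items():
            if not oid.startswith(FDB_PORT + "."):
                continue
            octets = oid[len(FDB_PORT) + 1:].split(".")
            if len(octets) != 6:
                continue  # not a 6-octet MAC index; skip malformed rows
            mac = ":".join(f"{int(o):02x}" for o in octets)
            # dot1dTpFdbPort 0 means the port was not learned, so no ifIndex.
            table[(context, mac)] = port_to_if.get(bridge_port)
    return table

# Constructed sample output, one combined walk per SNMPv3 context.
SAMPLE = {
    "vlan-100": """
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 3
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 4
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.204 = INTEGER: 0
""",
    "vlan-200": """
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 4
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.102 = INTEGER: 2
""",
}

if __name__ == "__main__":
    for (context, mac), ifindex in sorted(mac_to_ifindex(SAMPLE).items()):
        print(context, mac, ifindex)
```

Because the forwarding table is per VLAN, the same MAC can appear under more than one context, which is why the result is keyed by context as well as MAC.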
