Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
2
Replies

SNMP Problems for Catalyst 3560 - IP3 appliance can't query switch

baskervi
Level 1
Level 1

‎06-19-2009 11:30 AM

We're in a catch 22, but a little history first. We're supporting a hotel that is using an IP3 NetAccess gateway to control guest Internet access. From my understanding, the IP3 gateway does an SNMP query to determine which port a particular MAC address is on, and the string I found from debugging SNMP on the switch is "dot1dTpFdbEntry.2.0.25.125.40.43.200", which I believe is also ".1.3.6.1.2.1.17.4.3.1. 2.0.25.125.40.43.200". This OID does not "live" on this switch, so we tried a spare 2948G with the IP3 and got the same results. IP3 was sued and is apparently out of business, and the Catalyst is running the latest version of firmware (I believe 12.2.50). We're under the gun to get this working, but I'm out of ideas, and unfortunately replacing the IP3 isn't an option at this point. Does anyone have ideas we could try?

Thank you.

Allyn

Labels:
0 Helpful
2 Replies 2

luijimen
Cisco Employee
Cisco Employee

‎06-29-2009 04:17 PM

Hi Allyn.

I see you are trying to get the port on which a specific MAC shows up, right?

You are querying the correct OID in order to get this info (dot1dTpFdbPort). However, there is a catch when querying this OID and other BRIDGE-MIB OIDs: requires community string indexing.

Community string indexing basically means to append "@" plus your VLAN number, to the community string.

For example, if your read community is "cisco" and the port you wish to monitor is configured on VLAN 100, your query must use "cisco@100" as its community in order to be able to retrieve the value.

More info can be found here:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801576ff.shtml

Try doing the following:

1) Get your actual MAC addresses using CLI. For CatOS, run "show cam dynamic"; for IOS, run "show mac-address-table"

Verify the VLAN number where the entries were found.

2) Query the dot1dTpFdbPort, using the correct community string indexing.

3) If it was done correctly, you should be able to retrieve the port where the MAC was found.

Note: The index dot1dTpFdbEntry.2.0.25.125.40.43.200, should be translated to HEX values, in order to find the MAC address.

For example, 0.25.125.40.43.200 is the DECIMAL value of the MAC address reported. This should mean the MAC you are currently checking on is 00-19-7D-28-2B-C8

Hope this helps.

Luis

0 Helpful

baskervi
Level 1
Level 1
In response to luijimen

‎07-01-2009 07:12 AM

I hope to check this out sometime this week. I wasn't aware of this, and I certainly appreciate the info.

0 Helpful
Customers Also Viewed These Support Documents