08-18-2012 01:00 PM
Hello network experts.
I have a problem getting MAC addresses from Catalyst switches using Net-SNMP.
"snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1" does not answer some range of MAC addresses. The version of snmpwalk is 5.6.1 and 5.7.
Suppose hexadecimal number XX is in range 20 <= XX <= 7e, if all XX of MAC address XX:XX:XX:XX:XX:XX is in this range, Catalyst switches do not answer this MAC address via SNMP, but I can get the address by command line "show mac address-table"
I made an ARP packet with the Linux arping command "arping -0 -s 20:20:20:20:20:20 -p DST-IP-address" (the -s switch means SRC-MAC address), but 20:20:20:20:20:20 is not obtained by snmpwalk. But when I tried "arping -0 -s 20:20:20:20:7f:20 -p DST-IP-address", snmpwalk replies "Hex-STRING: 20 20 20 20 7F 20".
This test is done on Vlan 1 (Native), I tried VLAN-indexed "snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1", but no improvement.
I only checked Catalyst IOS version 15.0(1)SE3 (2960,2960G,2960S,3750X) and 12.2(55)SE6 (3750G). But I think all of IOS-15.0 and IOS-12.X have this problem.
08-18-2012 09:52 PM
Hi,
Whenever you try to do snmpwalk, is the walk getting a timeout? Also, have you tried snmpwalk on any other VLAN?
08-19-2012 12:00 AM
Your OID is correct, but this is not the right way to get MAC address table details. SNMP v1 and v2c require SNMP Community String Indexing to see mac-add on a per-VLAN basis.
That means you have to add @
Example :
You Tried :
snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1
It should be :
snmpwalk -v 2c -c communityname@
ex:
snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1
For more details on this check the document :
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml
-Thanks
Vinod
08-19-2012 02:43 AM
Thank you, experts.
I tried both
snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1
snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1
They return the same reply (not timeout, other MAC addresses are obtained correctly), because only Native-VLAN1 is used on my switches. I believe this is not a VLAN problem; I suspect that the SNMP server of IOS has a bug, dropping some MAC addresses from the learned MAC address list.
In my network, I cannot find the place of a SONY PC whose MAC address is 54:42:49:63:54:5f, because every hexadecimal 54, 42, 49, 63, 54, 5f is in range 20<=X<=7e. If an intruder changes the MAC address of the victim device to 20:20:20:20:20:20, network administrators cannot find the place of him by SNMP.
08-19-2012 05:12 AM
Sorry, this is self reply.
By investigating snmpwalk of OID .1.3.6.1.2.1.17.4.3.1.2 (not .1.3.6.1.2.1.17.4.3.1.1), I found that the OID part after .1.3.6.1.2.1.17.4.3.1.2 gives learned MAC address in decimal number. Converting them to hexadecimal numbers, I can get the same MAC-address list obtained by command "show mac address-table".
Thank you.
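The conversion described in the reply above, as an added example that is not part of the original thread: it reads the learned MAC address from the six decimal sub-identifiers that follow .1.3.6.1.2.1.17.4.3.1.2 and flags addresses whose octets all fall in the 20..7e range discussed here. The sample walk output, its port numbers and the function name are constructed for illustration, and the line format assumes Net-SNMP output with numeric OIDs.

```python
import re

# One row of .1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort): the six trailing
# sub-identifiers are the MAC octets in decimal, the value is the bridge port
# (a bridge port number, not an ifIndex).
ROW = re.compile(
    r"^(?:\.?1\.3\.6\.1\.2\.1|(?:SNMPv2-SMI::)?mib-2)\.17\.4\.3\.1\.2\."
    r"((?:\d{1,3}\.){5}\d{1,3}) = INTEGER: (\d+)\s*$"
)

def parse_fdb_port_walk(text):
    """Return (mac, bridge_port, all_octets_in_20_7e) for each table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # other columns, errors, blank lines
        octets = [int(x) for x in m.group(1).split(".")]
        if any(o > 255 for o in octets):
            continue  # not a valid MAC index
        mac = ":".join(f"{o:02x}" for o in octets)
        in_range = all(0x20 <= o <= 0x7E for o in octets)
        rows.append((mac, int(m.group(2)), in_range))
    return rows

# Constructed sample output (not captured from a real switch).
SAMPLE = """\
.1.3.6.1.2.1.17.4.3.1.2.0.27.84.10.200.1 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.32.32.32.32.32.32 = INTEGER: 5
.1.3.6.1.2.1.17.4.3.1.2.32.32.32.32.127.32 = INTEGER: 5
SNMPv2-SMI::mib-2.17.4.3.1.2.84.66.73.99.84.95 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.1.0.27.84.10.200.1 = Hex-STRING: 00 1B 54 0A C8 01
"""

if __name__ == "__main__":
    for mac, port, in_range in parse_fdb_port_walk(SAMPLE):
        note = "  <- all octets in 20..7e" if in_range else ""
        print(f"{mac}  bridge port {port}{note}")
```
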
08-19-2012 12:05 PM
Glad to see the good news. Hope the guide was helpful.
You may close this thread if the issue is resolved.
-Thanks