Some range of MAC addresses which cannot obtain by SNMP

Answered Question
Aug 18th, 2012
User Badges:

Hello network exparts.

I have a problem to get MAC address from Catalyst swiches using Net-SNMP.

"snmpwalk -v 2c -c communityname switchname ." does not answer some range of  MAC addresses. The version of snmpwalk is 5.6.1 and 5.7.

Suppose hexadecimal number XX is in range 20 <= XX <= 7e, if all XX of MAC address XX:XX:XX:XX:XX:XX is in this range, Catalyst switches do not answer this MAC address via SNMP, but I can get the address by command line "show mac address-table"

I made ARP packet by Linux arping command "arping -0 -s 20:20:20:20:20:20 -p DST-IP-address" ( -s switch means SRC-MAC address) , but 20:20:20:20:20:20 is not obtaind by snmpwalk. But when I tried "arping -0 -s 20:20:20:20:7f:20 -p DST-IP-address", snmpwalk replies "Hex-STRING: 20 20 20 20 7F 20".

This test is done on Vlan 1 (Native), I tried VLAN-indexed "snmpwalk -v 2c -c [email protected] switchname .", but no improvement.

I only checked Catalyst IOS version 15.0(1)SE3 (2960,2960G,2960S,3750X) and 12.2(55)SE6 (3750G).  But I think all of IOS-15.0 and IOS-12.X have this problem.

Correct Answer by Vinod Arya about 4 years 11 months ago

Glad to see the good news. Hope the guide was helpful.

You may close this thread if the issue is resolved.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
srkala Sat, 08/18/2012 - 21:52
User Badges:


whenever you try to do snmpwalk is the walk getting timeout? also have you tried snmpwalk on any other vlan?

Vinod Arya Sun, 08/19/2012 - 00:00
User Badges:
  • Cisco Employee,

Your OID is correct, but this is not the right way to get Mac-address table details. SNMP v1 and v2c requires SNMP Community String Indexing to see mac-add on per Vlan basis.

That means you have to add @ number to get mac-add details/vlan on the above command.

Example :

You Tried :

snmpwalk -v 2c -c communityname switchname .

It should be :

snmpwalk -v 2c -c communityname@ switchname .


snmpwalk -v 2c -c [email protected] switchname .

For more details on this check the document :



m.torii Sun, 08/19/2012 - 02:43
User Badges:

Thank you exparts.

I tried both

snmpwalk -v 2c -c communityname switchname .

snmpwalk -v 2c -c [email protected] switchname .

They return the same reply ( not timeout, other MAC addresses are obtained correctly ), becouse only Native-VLAN1 is used on my switches. I belibe this is not a VLAN problem, I suspect that SNMP server of IOS has a bug, dropping some MAC addresses from learnled MAC address list.

In my network, I cannot find the place of a SONY PC whose MAC address is 54:42:49:63:54:5f, because every hexadecimals 54,42,49,63,54,5f is in range 20<=X<=7e. If a intruder changes MAC address of the victim device to 20:20:20:20:20:20, network administrators cannot find the place of him by SNMP.

m.torii Sun, 08/19/2012 - 05:12
User Badges:

Sorry, this is self reply.

By investigating snmpwalk of OID . (not ., I found that the OID part after . gives learned MAC address in decimal number. Converting them to hexadecimal numbers, I can get the same MAC-address list obtained by command "show mac address-table".

Thank you.

Correct Answer
Vinod Arya Sun, 08/19/2012 - 12:05
User Badges:
  • Cisco Employee,

Glad to see the good news. Hope the guide was helpful.

You may close this thread if the issue is resolved.



This Discussion

Related Content