Some range of MAC addresses which cannot obtain by SNMP

Answered Question
Aug 18th, 2012

Hello network exparts.

I have a problem to get MAC address from Catalyst swiches using Net-SNMP.

"snmpwalk -v 2c -c communityname switchname ." does not answer some range of  MAC addresses. The version of snmpwalk is 5.6.1 and 5.7.

Suppose hexadecimal number XX is in range 20 <= XX <= 7e, if all XX of MAC address XX:XX:XX:XX:XX:XX is in this range, Catalyst switches do not answer this MAC address via SNMP, but I can get the address by command line "show mac address-table"

I made ARP packet by Linux arping command "arping -0 -s 20:20:20:20:20:20 -p DST-IP-address" ( -s switch means SRC-MAC address) , but 20:20:20:20:20:20 is not obtaind by snmpwalk. But when I tried "arping -0 -s 20:20:20:20:7f:20 -p DST-IP-address", snmpwalk replies "Hex-STRING: 20 20 20 20 7F 20".

This test is done on Vlan 1 (Native), I tried VLAN-indexed "snmpwalk -v 2c -c communityname@1 switchname .", but no improvement.

I only checked Catalyst IOS version 15.0(1)SE3 (2960,2960G,2960S,3750X) and 12.2(55)SE6 (3750G).  But I think all of IOS-15.0 and IOS-12.X have this problem.

I have this problem too.
0 votes
Correct Answer by Vinod Arya about 2 years 9 months ago

Glad to see the good news. Hope the guide was helpful.

You may close this thread if the issue is resolved.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
srkala Sat, 08/18/2012 - 21:52


whenever you try to do snmpwalk is the walk getting timeout? also have you tried snmpwalk on any other vlan?

Vinod Arya Sun, 08/19/2012 - 00:00

Your OID is correct, but this is not the right way to get Mac-address table details. SNMP v1 and v2c requires SNMP Community String Indexing to see mac-add on per Vlan basis.

That means you have to add @ number to get mac-add details/vlan on the above command.

Example :

You Tried :

snmpwalk -v 2c -c communityname switchname .

It should be :

snmpwalk -v 2c -c communityname@ switchname .


snmpwalk -v 2c -c communityname@1 switchname .

For more details on this check the document :



m.torii Sun, 08/19/2012 - 02:43

Thank you exparts.

I tried both

snmpwalk -v 2c -c communityname switchname .

snmpwalk -v 2c -c communityname@1 switchname .

They return the same reply ( not timeout, other MAC addresses are obtained correctly ), becouse only Native-VLAN1 is used on my switches. I belibe this is not a VLAN problem, I suspect that SNMP server of IOS has a bug, dropping some MAC addresses from learnled MAC address list.

In my network, I cannot find the place of a SONY PC whose MAC address is 54:42:49:63:54:5f, because every hexadecimals 54,42,49,63,54,5f is in range 20<=X<=7e. If a intruder changes MAC address of the victim device to 20:20:20:20:20:20, network administrators cannot find the place of him by SNMP.

m.torii Sun, 08/19/2012 - 05:12

Sorry, this is self reply.

By investigating snmpwalk of OID . (not ., I found that the OID part after . gives learned MAC address in decimal number. Converting them to hexadecimal numbers, I can get the same MAC-address list obtained by command "show mac address-table".

Thank you.

Correct Answer
Vinod Arya Sun, 08/19/2012 - 12:05

Glad to see the good news. Hope the guide was helpful.

You may close this thread if the issue is resolved.



Login or Register to take actions

This Discussion

Posted August 18, 2012 at 1:00 PM
Replies:5 Overall Rating:5
Views:1065 Votes:0
Tags: snmp

Related Content