Some range of MAC addresses cannot be obtained by SNMP

Answered Question
Aug 18th, 2012

Hello network experts.

I have a problem getting MAC addresses from Catalyst switches using Net-SNMP.

"snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1" does not answer some range of MAC addresses. The versions of snmpwalk are 5.6.1 and 5.7.

Suppose a hexadecimal number XX is in the range 20 <= XX <= 7e. If every XX of a MAC address XX:XX:XX:XX:XX:XX is in this range, Catalyst switches do not answer this MAC address via SNMP, but I can get the address with the command "show mac address-table".

I made an ARP packet with the Linux arping command "arping -0 -s 20:20:20:20:20:20 -p DST-IP-address" (the -s switch means SRC-MAC address), but 20:20:20:20:20:20 is not obtained by snmpwalk. But when I tried "arping -0 -s 20:20:20:20:7f:20 -p DST-IP-address", snmpwalk replies "Hex-STRING: 20 20 20 20 7F 20".

This test was done on VLAN 1 (native). I tried the VLAN-indexed "snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1", but there was no improvement.

I only checked Catalyst IOS version 15.0(1)SE3 (2960,2960G,2960S,3750X) and 12.2(55)SE6 (3750G). But I think all of IOS-15.0 and IOS-12.X have this problem.

srkala Sat, 08/18/2012 - 21:52

Hi,

Whenever you try to do snmpwalk, is the walk timing out? Also, have you tried snmpwalk on any other VLAN?

Vinod Arya Sun, 08/19/2012 - 00:00

Your OID is correct, but this is not the right way to get MAC address table details. SNMP v1 and v2c require SNMP Community String Indexing to see mac-add on a per-VLAN basis.

That means you have to add @ number to the above command to get mac-add details per VLAN.

Example :

You Tried :

snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1

It should be :

snmpwalk -v 2c -c communityname@ switchname .1.3.6.1.2.1.17.4.3.1.1

ex:

snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1

For more details on this check the document :

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml

-Thanks

Vinod

m.torii Sun, 08/19/2012 - 02:43

Thank you, experts.

I tried both

snmpwalk -v 2c -c communityname switchname .1.3.6.1.2.1.17.4.3.1.1

snmpwalk -v 2c -c communityname@1 switchname .1.3.6.1.2.1.17.4.3.1.1

They return the same reply (not a timeout; other MAC addresses are obtained correctly), because only native VLAN 1 is used on my switches. I believe this is not a VLAN problem; I suspect that the SNMP server of IOS has a bug, dropping some MAC addresses from the learned MAC address list.

In my network, I cannot find the location of a SONY PC whose MAC address is 54:42:49:63:54:5f, because every hexadecimal value 54,42,49,63,54,5f is in the range 20<=X<=7e. If an intruder changes the MAC address of the victim device to 20:20:20:20:20:20, network administrators cannot find his location by SNMP.

m.torii Sun, 08/19/2012 - 05:12

Sorry, this is a self-reply.

By investigating the snmpwalk of OID .1.3.6.1.2.1.17.4.3.1.2 (not .1.3.6.1.2.1.17.4.3.1.1), I found that the OID part after .1.3.6.1.2.1.17.4.3.1.2 gives the learned MAC address in decimal numbers. Converting them to hexadecimal numbers, I can get the same MAC address list obtained by the command "show mac address-table".

Thank you.
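The conversion described in the self-reply above, as an added example that is not part of the original thread: it rebuilds the MAC-to-port table from the decimal OID index of .1.3.6.1.2.1.17.4.3.1.2, so an inventory or rogue-device check does not depend on how the .1.1 value is printed. Net-SNMP renders an OCTET STRING whose bytes are all printable as STRING: "..." instead of Hex-STRING:, which is why the second helper accepts both forms. The sample walk output, the port numbers and all function names are constructed for illustration, and numeric OID output (snmpwalk -On) is assumed.

```python
import re

FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"  # OID from the thread; index = MAC in decimal

# Constructed `snmpwalk -On` output; port numbers and the STRING row are made up.
SAMPLE = """\
.1.3.6.1.2.1.17.4.3.1.1.32.32.32.32.127.32 = Hex-STRING: 20 20 20 20 7F 20
.1.3.6.1.2.1.17.4.3.1.1.84.66.73.99.84.95 = STRING: "TBIcT_"
.1.3.6.1.2.1.17.4.3.1.2.32.32.32.32.127.32 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.84.66.73.99.84.95 = INTEGER: 12
"""

def fmt(octets):
    """Format an iterable of byte values as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{b:02x}" for b in octets)

def mac_from_index(oid, base=FDB_PORT):
    """MAC encoded in the six sub-identifiers after `base`, else None."""
    if not oid.startswith(base + "."):
        return None
    parts = oid[len(base) + 1:].split(".")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        return None
    return fmt(int(p) for p in parts)

def mac_from_value(value):
    """Decode a .1.1 value in either rendering (Hex-STRING or quoted STRING)."""
    kind, _, data = value.strip().partition(": ")
    if kind == "Hex-STRING":
        octets = bytes.fromhex(data)
    elif kind == "STRING" and len(data) >= 2 and data[0] == data[-1] == '"':
        # Quotes and backslashes arrive backslash-escaped in this rendering.
        octets = re.sub(r"\\(.)", r"\1", data[1:-1]).encode("latin-1")
    else:
        return None
    return fmt(octets) if len(octets) == 6 else None

def fdb_table(walk_text):
    """Map MAC -> bridge port from .1.2 rows, using only the OID index."""
    table = {}
    for line in walk_text.splitlines():
        oid, _, value = line.partition(" = ")
        mac = mac_from_index(oid.strip())
        port = re.fullmatch(r"INTEGER: (\d+)", value.strip())
        if mac and port:
            table[mac] = int(port.group(1))
    return table
```

Tools that filter the .1.1 walk for "Hex-STRING" lines skip the quoted rows; snmpwalk's -Ox output option prints all strings in hex and avoids that.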

Correct Answer
Vinod Arya Sun, 08/19/2012 - 12:05

Glad to see the good news. Hope the guide was helpful.

You may close this thread if the issue is resolved.

-Thanks

Posted August 18, 2012 at 1:00 PM