Basically what I want to do is find out the MAC address of a device plugged in to an interface on the switch (FastEthernet0/1 for example).

Reading through the switch documentation I found out that I can configure an SNMP trap on it to make it notify of any new MAC address the switch detects by using the command

    snmp-server enable traps mac-notification

But for some reason my switch does not support this feature. The only options I see are

    CORE_SWITCH(config)#snmp-server enable traps ?
      c2900            Enable SNMP c2900 traps
      cluster          Enable Cluster traps
      config           Enable SNMP config traps
      entity           Enable SNMP entity traps
      hsrp             Enable SNMP HSRP traps
      snmp             Enable SNMP traps
      vlan-membership  Enable VLAN Membership traps
      vtp              Enable SNMP VTP traps
      <cr>

So the other way would be for me to run a cronjob on my gateway to poll the switch periodically using SNMP to get new MAC addresses.

I have looked everywhere but can't seem to find the OID that would provide me this information.

Any help I can get would be very much appreciated!

here's the output from "show version" on my switch

    Cisco Internetwork Operating System Software
    IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5.4)WC(1), MAINTENANCE INTERIM SOFTWARE
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Tue 10-Jul-01 11:52 by devgoyal
    Image text-base: 0x00003000, data-base: 0x00333CD8

    ROM: Bootstrap program is C2900XL boot loader

    CORE_SWITCH uptime is 1 hour, 24 minutes
    System returned to ROM by power-on
    System image file is "flash:c2900XL-c3h2s-mz.120-5.4.WC.1.bin"

    cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
    Processor board ID FAB0409X1WS, with hardware revision 0x01
    Last reset from power-on

    Processor is running Enterprise Edition Software
    Cluster command switch capable
    Cluster member switch capable
    12 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:01:42:D0:67:00
    Motherboard assembly number: 73-3397-08
    Power supply part number: 34-0834-01
    Motherboard serial number: FAB040843G4
    Power supply serial number: DAB05030HR8
    Model revision number: A0
    Motherboard revision number: C0
    Model number: WS-C2912-XL-EN
    System serial number: FAB0409X1WS
    Configuration register is 0xF

thanks, -ankit

ankit

2 Answers

Radius, thanks for pointing me in the right direction. Googled up a bit based on your suggestions and I think I have it now.

To anyone else who might need it, this is the procedure:

1. get the mac address detected on a vlan (1 in this example)

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.4.3.1.1
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.0 = Hex-STRING: 00 01 42 D0 67 00
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.1 = Hex-STRING: 00 01 42 D0 67 01
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.2 = Hex-STRING: 00 01 42 D0 67 02
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.3 = Hex-STRING: 00 01 42 D0 67 03
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.4 = Hex-STRING: 00 01 42 D0 67 04
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.5 = Hex-STRING: 00 01 42 D0 67 05
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.6 = Hex-STRING: 00 01 42 D0 67 06
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.7 = Hex-STRING: 00 01 42 D0 67 07
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.8 = Hex-STRING: 00 01 42 D0 67 08
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.9 = Hex-STRING: 00 01 42 D0 67 09
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.10 = Hex-STRING: 00 01 42 D0 67 0A
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.11 = Hex-STRING: 00 01 42 D0 67 0B
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.66.208.103.12 = Hex-STRING: 00 01 42 D0 67 0C
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.30.236.196.143.130 = Hex-STRING: 00 1E EC C4 8F 82
    SNMPv2-SMI::mib-2.17.4.3.1.1.0.80.191.232.146.174 = Hex-STRING: 00 50 BF E8 92 AE


2. get the bridge port number for each vlan

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.4.3.1.2
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.0 = INTEGER: 31
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.1 = INTEGER: 13
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.2 = INTEGER: 14
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.3 = INTEGER: 15
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.4 = INTEGER: 16
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.5 = INTEGER: 17
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.6 = INTEGER: 18
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.7 = INTEGER: 19
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.8 = INTEGER: 20
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.9 = INTEGER: 22
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.10 = INTEGER: 23
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.11 = INTEGER: 24
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.12 = INTEGER: 25
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.30.236.196.143.130 = INTEGER: 15
    SNMPv2-SMI::mib-2.17.4.3.1.2.0.80.191.232.146.174 = INTEGER: 13
    SNMPv2-SMI::mib-2.17.4.3.1.2.255.255.255.255.255.255 = INTEGER: 0

3. get bridge port number to ifindex mapping

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.17.1.4.1.2

    SNMPv2-SMI::mib-2.17.1.4.1.2.13 = INTEGER: 2
    SNMPv2-SMI::mib-2.17.1.4.1.2.14 = INTEGER: 3
    SNMPv2-SMI::mib-2.17.1.4.1.2.15 = INTEGER: 4
    SNMPv2-SMI::mib-2.17.1.4.1.2.16 = INTEGER: 5
    SNMPv2-SMI::mib-2.17.1.4.1.2.17 = INTEGER: 6
    SNMPv2-SMI::mib-2.17.1.4.1.2.18 = INTEGER: 7
    SNMPv2-SMI::mib-2.17.1.4.1.2.19 = INTEGER: 8
    SNMPv2-SMI::mib-2.17.1.4.1.2.20 = INTEGER: 9
    SNMPv2-SMI::mib-2.17.1.4.1.2.22 = INTEGER: 10
    SNMPv2-SMI::mib-2.17.1.4.1.2.23 = INTEGER: 11
    SNMPv2-SMI::mib-2.17.1.4.1.2.24 = INTEGER: 12
    SNMPv2-SMI::mib-2.17.1.4.1.2.25 = INTEGER: 13

4. get the ifname

    snmpwalk -c public@1 -v2c 10.1.1.10 1.3.6.1.2.1.31.1.1.1.1

    IF-MIB::ifName.1 = STRING: VL1
    IF-MIB::ifName.2 = STRING: Fa0/1
    IF-MIB::ifName.3 = STRING: Fa0/2
    IF-MIB::ifName.4 = STRING: Fa0/3
    IF-MIB::ifName.5 = STRING: Fa0/4
    IF-MIB::ifName.6 = STRING: Fa0/5
    IF-MIB::ifName.7 = STRING: Fa0/6
    IF-MIB::ifName.8 = STRING: Fa0/7
    IF-MIB::ifName.9 = STRING: Fa0/8
    IF-MIB::ifName.10 = STRING: Fa0/9
    IF-MIB::ifName.11 = STRING: Fa0/10
    IF-MIB::ifName.12 = STRING: Fa0/11
    IF-MIB::ifName.13 = STRING: Fa0/12
    IF-MIB::ifName.14 = STRING: Nu0

so in this case the 2 mac addresses on vlan 1 are on interfaces Fa0/1 and Fa0/3

ankit
  • Note that if you do some kind of script you probably don't need 1.3.6.1.2.1.17.4.3.1.1 as mac address is already in decimal in 1.3.6.1.2.1.17.4.3.1.2 OID's. (you can easily convert them). These OID's also work for IOS 12.1 but for IOS 12.2 you might also need 1.3.6.1.4.1.9.5.1.4.1.1.11 to map port id with port name – radius Jan 11 '11 at 19:11
  • yep .. figured that when i started coding ! – ankit Jan 13 '11 at 17:01
  • @radius: that is only *mostly* true. On Extreme switch I have at hand some MACs are written as 5 digit entities (which is wrong). So you still need to use 1.3.6.1.2.1.17.4.3.1.1 to be on the safe side. – johndodo Nov 20 '12 at 08:35
  • @johndodo: question was about cisco device. Sure that for other vendors it might not work in the same way – radius Mar 29 '13 at 12:48
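
The four walks above can be joined in a script. The following is an added example, not code from the original posters: it decodes each MAC from the dot1dTpFdbPort index (as the first comment suggests), rejects indices that are not six octets (the case raised in the third comment), and reports entries whose bridge port has no ifIndex. It assumes the numeric net-snmp output format shown in the answer; the function names `rows` and `mac_to_interface` are hypothetical.

```python
# Constructed sample: a subset of the snmpwalk lines shown in the answer above.
FDB_PORT = """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.66.208.103.0 = INTEGER: 31
SNMPv2-SMI::mib-2.17.4.3.1.2.0.30.236.196.143.130 = INTEGER: 15
SNMPv2-SMI::mib-2.17.4.3.1.2.0.80.191.232.146.174 = INTEGER: 13
SNMPv2-SMI::mib-2.17.4.3.1.2.255.255.255.255.255.255 = INTEGER: 0
"""
BASE_PORT_IFINDEX = """\
SNMPv2-SMI::mib-2.17.1.4.1.2.13 = INTEGER: 2
SNMPv2-SMI::mib-2.17.1.4.1.2.15 = INTEGER: 4
"""
IF_NAME = """\
IF-MIB::ifName.2 = STRING: Fa0/1
IF-MIB::ifName.4 = STRING: Fa0/3
"""

def rows(walk, column):
    """Yield (index_octets, value) for each line of one column, e.g. 'ifName'."""
    for line in walk.splitlines():
        name, sep, value = line.strip().partition(" = ")
        _, found, index = name.partition(column + ".")
        if sep and found:
            yield [int(p) for p in index.split(".")], value.split(": ", 1)[1]

def mac_to_interface(fdb_port, base_port_ifindex, if_name):
    """Join step 2 -> step 3 -> step 4; return ({mac: ifName}, skipped)."""
    port_to_ifindex = {i[0]: int(v) for i, v in rows(base_port_ifindex, "mib-2.17.1.4.1.2")}
    ifindex_to_name = {i[0]: v for i, v in rows(if_name, "ifName")}
    table, skipped = {}, []
    for idx, value in rows(fdb_port, "mib-2.17.4.3.1.2"):
        # The table index is the MAC as six decimal octets; anything else is
        # malformed and is reported rather than guessed at.
        if len(idx) != 6 or any(not 0 <= o <= 255 for o in idx):
            skipped.append((".".join(map(str, idx)), "malformed MAC index"))
            continue
        mac = ":".join(f"{o:02x}" for o in idx)
        ifindex = port_to_ifindex.get(int(value))
        if ifindex is None:
            # Bridge port 0 and ports absent from step 3 cannot be mapped.
            skipped.append((mac, f"bridge port {value} has no ifIndex"))
            continue
        table[mac] = ifindex_to_name.get(ifindex, f"ifIndex {ifindex}")
    return table, skipped

if __name__ == "__main__":
    table, skipped = mac_to_interface(FDB_PORT, BASE_PORT_IFINDEX, IF_NAME)
    for mac, port in sorted(table.items()):
        print(mac, port)
    for entry, reason in skipped:
        print("skipped", entry, "-", reason)
```

Diffing the returned table between cron runs gives the new-MAC notification the switch itself cannot send.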
I'm not sure if it's supported on 2900/IOS 12.0 but you can try to browse dot1dTpFdbPort (.1.3.6.1.2.1.17.4.3.1.2). You need to use a special community string including the VLAN for which you want to get the MAC address table: community@vlan_number. So if your switch is 1.2.3.4, use community snmpro and have vlan 30, try this:

    snmpwalk -v2c -c snmpro@30 1.2.3.4 1.3.6.1.2.1.17.4.3.1.2

radius
  • ok did some googling . its actually community_string@vlan. using that and the OID 1.3.6.1.2.1.17.4.3.1.1 i get ... SNMPv2-SMI::mib-2.17.4.3.1.1.0.30.236.196.143.130 = Hex-STRING: 00 1E EC C4 8F 82 along with other MAC addresses. Question is how do I correlate them with what interface / port they are being detected on ? – ankit Jan 10 '11 at 23:17
  • I think you answered yourself ;) – radius Jan 11 '11 at 19:08