Collect MAC-Adresses of connected devices via SNMP

1

i am working on an script, which collects data from Netgear-switches via SNMP. My problem is, that i am not able to find the OID, which represents the MAC-address of the clients connected to a port.

SNMPWalk has found some - but not all- addresses on OIDs like iso.0.8802.1.1.2.1.4.1.1.5.18524162.7.7 (returns an HEX-String of the device connected to port 7)

Does anybody know, how to collect the addresses of all (directly) connected devices or which OID should be used here?

Regards R.Christes

R.Christes

Posted 2018-09-10T11:23:23.627

Reputation: 23

Answers

1

I would use 1.3.6.1.2.1.17.4.3.1.1 to get the list of the connected devices. Please note that the list includes the MAC addresses of the ports too and when another switch is connected to one of the ports then there will be more MACs in the list (MAC of devices connected to the other switch).

1.3.6.1.2.1.17.4.3.1.2 has the list of corresponding port IDs.

These are standard OIDs and not Netgear specific so this should work with any brand.

Here is a sample output from my Mikrotik:

bcs78@sv1:~# snmpwalk -l authPriv -a SHA -A password -x AES -X password -u community 192.168.88.1 1.3.6.1.2.1.17.4.3.1
iso.3.6.1.2.1.17.4.3.1.1.0.12.66.194.81.97 = Hex-STRING: 00 0C 42 C2 51 61
iso.3.6.1.2.1.17.4.3.1.1.0.12.66.231.167.149 = Hex-STRING: 00 0C 42 E7 A7 95
iso.3.6.1.2.1.17.4.3.1.1.28.116.13.111.54.18 = Hex-STRING: 1C 74 0D 6F 36 12
iso.3.6.1.2.1.17.4.3.1.1.40.194.221.106.213.139 = Hex-STRING: 28 C2 DD 6A D5 8B
iso.3.6.1.2.1.17.4.3.1.1.120.29.186.155.14.13 = Hex-STRING: 78 1D BA 9B 0E 0D
iso.3.6.1.2.1.17.4.3.1.1.172.133.61.155.120.36 = Hex-STRING: AC 85 3D 9B 78 24
iso.3.6.1.2.1.17.4.3.1.1.176.70.252.87.106.236 = Hex-STRING: B0 46 FC 57 6A EC
iso.3.6.1.2.1.17.4.3.1.1.176.70.252.87.107.46 = Hex-STRING: B0 46 FC 57 6B 2E
iso.3.6.1.2.1.17.4.3.1.1.184.39.235.8.17.87 = Hex-STRING: B8 27 EB 08 11 57
iso.3.6.1.2.1.17.4.3.1.1.228.141.140.231.7.102 = Hex-STRING: E4 8D 8C E7 07 66
iso.3.6.1.2.1.17.4.3.1.1.228.141.140.231.7.103 = Hex-STRING: E4 8D 8C E7 07 67
iso.3.6.1.2.1.17.4.3.1.1.228.141.140.231.7.104 = Hex-STRING: E4 8D 8C E7 07 68
iso.3.6.1.2.1.17.4.3.1.1.228.141.140.231.7.105 = Hex-STRING: E4 8D 8C E7 07 69
iso.3.6.1.2.1.17.4.3.1.1.228.141.140.231.7.107 = Hex-STRING: E4 8D 8C E7 07 6B
iso.3.6.1.2.1.17.4.3.1.2.0.12.66.194.81.97 = INTEGER: 4
iso.3.6.1.2.1.17.4.3.1.2.0.12.66.231.167.149 = INTEGER: 5
iso.3.6.1.2.1.17.4.3.1.2.28.116.13.111.54.18 = INTEGER: 3
iso.3.6.1.2.1.17.4.3.1.2.40.194.221.106.213.139 = INTEGER: 19
iso.3.6.1.2.1.17.4.3.1.2.120.29.186.155.14.13 = INTEGER: 6
iso.3.6.1.2.1.17.4.3.1.2.172.133.61.155.120.36 = INTEGER: 6
iso.3.6.1.2.1.17.4.3.1.2.176.70.252.87.106.236 = INTEGER: 4
iso.3.6.1.2.1.17.4.3.1.2.176.70.252.87.107.46 = INTEGER: 5
iso.3.6.1.2.1.17.4.3.1.2.184.39.235.8.17.87 = INTEGER: 4
iso.3.6.1.2.1.17.4.3.1.2.228.141.140.231.7.102 = INTEGER: 26
iso.3.6.1.2.1.17.4.3.1.2.228.141.140.231.7.103 = INTEGER: 5
iso.3.6.1.2.1.17.4.3.1.2.228.141.140.231.7.104 = INTEGER: 4
iso.3.6.1.2.1.17.4.3.1.2.228.141.140.231.7.105 = INTEGER: 3
iso.3.6.1.2.1.17.4.3.1.2.228.141.140.231.7.107 = INTEGER: 19
(...)

As you can see the child OIDs are created dynamicaly (ie.: a new OID for the MAC 00:0C:42:C2:51:61 has been created in a decimal representation as (...).0.12.66.194.81.97).

As it is discussed in the comments below the above OIDs are true for some devices (I've tested it on a Mikrotik router). However VLAN capable switches more likely to use the OID 1.3.6.1.2.1.17.7.1.2.2.1 instead where the child OID .1 is the MAC address table and .2 contains the associated ports but the basic principle is the same.

bcs78

Posted 2018-09-10T11:23:23.627

Reputation: 723

1Many VLAN-capable switches do not actually support this OID. Instead they use 1.3.6.1.2.1.17.7.1.2.2.1.2 from 802.1Q, which includes the VLAN ID along with the MAC address. (I believe this is for "independent learning" support.) – user1686 – 2018-09-10T13:53:29.917

I've tried this, the OIDs of @bcs78 only return "noSuchInstance", if I run SNMPWalk on 1.3.6.1.2.1.17.7.1.2.2.1.2, it returns a bunch of Integer-Values under OIDs like iso.3.6.1.2.1.17.7.1.2.2.1.2.1.0.0.203.97.24.145 = INTEGER: 52 – R.Christes – 2018-09-11T07:18:50.510

This returns "No Such Object available on this agent at this OID" Do I have to configure something on the switch, or do i have to use a specific SNMP-version? – R.Christes – 2018-09-11T09:18:29.337

If I run SNMPWalk on the parend OID, it returns a bunch of integer values under OIDs I am not able to recognize like iso.3.6.1.2.1.17.7.1.2.2.1.2.1.0.128.163.182.231.31 = INTEGER: 52 – R.Christes – 2018-09-11T11:27:45.913

That's it, thank you very much for your patience :-) – R.Christes – 2018-09-12T06:10:20.480

Asked: 2018-09-10T11:23:23.627

Viewed: 1 060 times

Active: 2018-09-28T06:41:56.910