Introduction
This document describes how to use Simple Network Management Protocol (SNMP) to obtain the port number on a Cisco Catalyst switch from which you know the MAC address.
Prerequisites
Requirements
Readers of this document should have knowledge of these topics:
- How to get VLANs from a Catalyst switch with use of SNMP
- How to use community string indexing with SNMP
- General use of the SNMP get command and walk command
Components Used
This document applies to Catalyst switches that run regular Catalyst OS (CatOS) or Cisco IOS® Software. The software supports the BRIDGE-MIB and the IF-MIB.
The information in this document is based on these software and hardware versions:
- Catalyst 3524XL that runs Cisco IOS Software Release 12.0(5)WC5a
- Net-SNMP version 5.0.6
Note: To obtain this software, refer to Net-SNMP.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background
For more information on how to query the content-addressable memory (CAM) table, VLANs, and all related MIBs, such as the CISCO-VTP-MIB and the BRIDGE-MIB, refer to the Background section of the document How To Get Dynamic CAM Entries (CAM Table) for Catalyst Switches Using SNMP.
Details of the MIB Variables, Including Object Identifiers (OIDs)
.1.3.6.1.2.1.17.4.3.1.1 dot1dTpFdbAddress OBJECT-TYPE
    -- FROM BRIDGE-MIB
    -- TEXTUAL CONVENTION MacAddress
    SYNTAX      OCTET STRING (6)
    MAX-ACCESS  read-only
    STATUS      Mandatory
    DESCRIPTION "A unicast MAC address for which the bridge has forwarding and/or filtering information."
    ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 1 }

.1.3.6.1.2.1.17.4.3.1.2 dot1dTpFdbPort OBJECT-TYPE
    -- FROM BRIDGE-MIB
    SYNTAX      Integer
    MAX-ACCESS  read-only
    STATUS      Mandatory
    DESCRIPTION "Either the value "0", or the port number of the port on which a frame having a source address equal to the value of the corresponding instance of dot1dTpFdbAddress has been seen. A value of "0" indicates that the port number has not been learned, but that the bridge does have some forwarding/filtering information about this address (that is, in the StaticTable). Implementors are encouraged to assign the port value to this object whenever it is learned, even for addresses for which the corresponding value of dot1dTpFdbStatus is not learned(3)."
    ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 2 }

.1.3.6.1.2.1.2.2.1.1 ifIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity's network management system to the next re-initialization."
    ::= { ifEntry 1 }

.1.3.6.1.2.1.17.1.4.1.2 dot1dBasePortIfIndex OBJECT-TYPE
    SYNTAX      INTEGER
    ACCESS      read-only
    STATUS      mandatory
    DESCRIPTION "The value of the instance of the ifIndex object, defined in MIB-II, for the interface corresponding to this port."
    ::= { dot1dBasePortEntry 2 }

.1.3.6.1.2.1.31.1.1.1.1 ifName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The textual name of the interface. The value of this object should be the name of the interface as assigned by the local device and should be suitable for use in commands entered at the device's `console'. This might be a text name, such as `le0' or a simple port number, such as `1', depending on the interface naming syntax of the device. If several entries in the ifTable together represent a single interface as named by the device, then each will have the same value of ifName. Note that for an agent which responds to SNMP queries concerning an interface on some other (proxied) device, then the value of ifName for such an interface is the proxied device's local name for it. If there is no local name, or this object is otherwise not applicable, then this object contains a zero-length string."
    ::= { ifXEntry 1 }
Get the Port Number on Which a MAC Address Has Been Learned
Step-by-Step Instructions
Complete the steps in this section in order to use SNMP to get the port number on which a MAC address has been learned. This example assumes that the port is in VLAN 1.
Note: In the commands in this section:
- public is the read community string.
- @1 is the VLAN 1 part of the read community string (community string indexing).
- crumpy is the device host name.
Note: You can also use the IP address instead of this host name.
Note: The Conclusion section uses the values that appear in italics in the command output.
1. Retrieve the VLANs. Use the snmpwalk command on the vtpVlanState object (.1.3.6.1.4.1.9.9.46.1.3.1.1.2):

%snmpwalk -c public crumpy .1.3.6.1.4.1.9.9.46.1.3.1.1.2
CISCO-VTP-MIB::vtpVlanState.1.1 = INTEGER: operational(1)
CISCO-VTP-MIB::vtpVlanState.1.3 = INTEGER: operational(1)
CISCO-VTP-MIB::vtpVlanState.1.7 = INTEGER: operational(1)
CISCO-VTP-MIB::vtpVlanState.1.10 = INTEGER: operational(1)
...

Note: This command uses community string indexing. The command also uses vtpVlanState, which has OID .1.3.6.1.4.1.9.9.46.1.3.1.1.2. If you have loaded the MIBs on your network management system (NMS), you can use the object name instead of the OID. Issue this command instead:

%snmpwalk -c public@1 crumpy vtpVlanState

Note: You can also use the object names in steps 2 through 6.

2. Issue this command to obtain the MAC address table, assuming that the port belongs to VLAN 1:

snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.1
17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
17.4.3.1.1.0.1.2.27.80.145 = Hex: 00 01 02 1B 50 91
17.4.3.1.1.0.1.3.72.77.90 = Hex: 00 01 03 48 4D 5A
17.4.3.1.1.0.1.3.72.221.191 = Hex: 00 01 03 48 DD BF
...

Note: Provide the appropriate VLAN number after the community string. In this example, it is VLAN 1.
The command lists all MAC addresses that have been learned on all ports that belong to VLAN 1. The index of each row (the part of the OID after .1.3.6.1.2.1.17.4.3.1.1) is the MAC address itself, written as six decimal octets.

3. Issue this command to determine the bridge port number for VLAN 1:

snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.2
17.4.3.1.2.0.0.12.7.172.8 = 13
17.4.3.1.2.0.1.2.27.80.128 = 13
17.4.3.1.2.0.1.2.27.80.145 = 13
17.4.3.1.2.0.1.2.163.145.225 = 13
...

Note: This command queries dot1dTpFdbPort, OID .1.3.6.1.2.1.17.4.3.1.2, for VLAN 1. A value of 0 means that the bridge has information about the address but has not learned the port (see the MIB description above).

4. Issue this command to map the bridge port to the ifIndex, OID .1.3.6.1.2.1.2.2.1.1:

snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.1.4.1.2
17.1.4.1.2.13 = 2
17.1.4.1.2.14 = 3
17.1.4.1.2.15 = 4
17.1.4.1.2.16 = 5

This command queries dot1dBasePortIfIndex, which has OID .1.3.6.1.2.1.17.1.4.1.2.

5. Use the walk command with ifName (OID .1.3.6.1.2.1.31.1.1.1.1) in order to correlate the ifIndex value with the correct port name. Issue this command:

snmpwalk -c public@1 crumpy .1.3.6.1.2.1.31.1.1.1.1
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.1 = VL1
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.3 = Fa0/2
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.4 = Fa0/3
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.5 = Fa0/4
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.6 = Fa0/5
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.7 = Fa0/6
...

6. Link a MAC address to the port on which the address was learned:
- From Step 2 (dot1dTpFdbAddress), the MAC address is:
  17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
- From Step 3 (dot1dTpFdbPort), the same index shows that the MAC address belongs to bridge port number 13:
  17.4.3.1.2.0.0.12.7.172.8 = 13
- From Step 4 (dot1dBasePortIfIndex), bridge port number 13 has ifIndex number 2:
  17.1.4.1.2.13 = 2
- From Step 5 (ifName), ifIndex 2 corresponds to port Fast Ethernet 0/1:
  ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1
Conclusion
The MAC address 00 00 0C 07 AC 08 is learned on port Fa0/1.
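The correlation carried out by hand in Steps 2 through 6 above, as an added example (not code from the Cisco document): it decodes the MAC address from the OID index of the dot1dTpFdb rows and chains dot1dTpFdbPort to dot1dBasePortIfIndex to ifName. The sample walk rows are constructed from the output shown above, in the numeric-suffix form the page prints, with one row changed to bridge port 0 to show the "port not learned" case the MIB description mentions.

```python
# Added example (not from the Cisco document): correlate the snmpwalk outputs of
# Steps 2 to 5 into a MAC -> ifName map. Sample rows are constructed from the output
# above, with one row changed to bridge port 0 to show the "not learned" case.
FDB_ADDRESS_WALK = """\
17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
17.4.3.1.1.0.1.2.27.80.145 = Hex: 00 01 02 1B 50 91
"""
FDB_PORT_WALK = """\
17.4.3.1.2.0.0.12.7.172.8 = 13
17.4.3.1.2.0.1.2.27.80.145 = 13
17.4.3.1.2.0.1.2.27.80.128 = 0
"""
BASEPORT_IFINDEX_WALK = """\
17.1.4.1.2.13 = 2
17.1.4.1.2.14 = 3
"""
IFNAME_WALK = """\
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.1 = VL1
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.3 = Fa0/2
"""

def walk_rows(text):
    """Split 'oid = value' lines into (oid, value) pairs."""
    return [tuple(p.strip() for p in line.split("=", 1))
            for line in text.strip().splitlines()]

def mac_from_oid_index(oid):
    """dot1dTpFdb* rows are indexed by the MAC itself, appended to the OID as six
    decimal octets: ...0.0.12.7.172.8 -> 00:00:0c:07:ac:08."""
    return ":".join("%02x" % int(o) for o in oid.split(".")[-6:])

def address_walk_consistent(fdb_address_walk):
    """True when every dot1dTpFdbAddress value equals its decoded OID index, which
    is why the index alone identifies the MAC in the dot1dTpFdbPort walk."""
    for oid, value in walk_rows(fdb_address_walk):
        hex_mac = value.replace("Hex:", "").strip().replace(" ", ":").lower()
        if mac_from_oid_index(oid) != hex_mac:
            return False
    return True

def mac_to_port(fdb_port_walk, baseport_walk, ifname_walk):
    """Chain dot1dTpFdbPort -> dot1dBasePortIfIndex -> ifName for every MAC. A
    dot1dTpFdbPort of 0 means the bridge holds filtering information for the
    address but has not learned a port for it, so that MAC maps to None."""
    baseport_to_ifindex = {o.rsplit(".", 1)[1]: v for o, v in walk_rows(baseport_walk)}
    ifindex_to_name = {o.rsplit(".", 1)[1]: v for o, v in walk_rows(ifname_walk)}
    result = {}
    for oid, port in walk_rows(fdb_port_walk):
        ifindex = baseport_to_ifindex.get(port) if port != "0" else None
        result[mac_from_oid_index(oid)] = ifindex_to_name.get(ifindex) if ifindex else None
    return result
```

Run the three walks once per VLAN (community string public@N) and feed each set to mac_to_port; a MAC that maps to None in every VLAN was never learned on a port.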
Compare this conclusion with output from:
- The show cam dynamic command for CatOS switches
- The show mac command for Cisco IOS Software switches
Here is the sample output:

crumpy# show mac
Dynamic Address Count:                 58
Secure Address Count:                   2
Static Address (User-defined) Count:    0
System Self Address Count:             51
Total MAC addresses:                  111
Maximum MAC addresses:               8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  -------------------
0000.0c07.ac08       Dynamic          1  FastEthernet0/1
0001.021b.5091       Dynamic          1  FastEthernet0/1
0001.0348.4d5a       Dynamic          1  FastEthernet0/1
0001.0348.ddbf       Dynamic          1  FastEthernet0/1
0001.972d.dfae       Dynamic          1  FastEthernet0/1
0002.55c6.cfe7       Dynamic          1  FastEthernet0/1
0002.7d61.d400       Dynamic          1  FastEthernet0/1
...
Related Information
- SNMP Object Navigator
- Technical Support & Documentation – Cisco Systems
How to find the switch port to which a host is connected
January 13, 2015
Read the article HOW TO FIND A HOST BY IT’S MAC ADDRESS ON CISCO SWITCH in English
In day-to-day work you very often need to determine the switch and port to which a user or some device is connected. You do not have to look for it physically; it is enough to know the MAC address.
The trick is that every switch keeps information about all MAC addresses that have shown any network activity in the last few minutes. You just need to make proper use of it.
So, suppose we need to find the switch port to which user Ivanov is connected. It is known for certain that the IP address of his computer is 192.168.10.100.
There are two ways to determine the MAC address:
- Run the command ipconfig /all at the command prompt directly on the user's computer.
Or
- Learn the MAC address remotely, knowing the IP address of the user's computer. This is possible provided you have access to the Cisco router or Cisco ASA firewall that is the default gateway for the host. The ARP table on these devices contains the mapping between MAC and IP addresses.
The search uses the command sh arp | inc x.x.x.x, where x.x.x.x is the IP address of the host of interest.

R-DELTACONFIG-1# sh arp | inc 192.168.10.100
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.100         236   78ac.c0bb.74f2  ARPA   Vlan10

The device with IP address 192.168.10.100 has MAC address 78ac.c0bb.74f2 and is in Vlan 10.
Having determined the MAC address of the device, you can continue the search for its actual location on the switch.
The command show mac address-table (sometimes written with an extra hyphen instead of a space, show mac-address-table) lists the MAC addresses of all active devices connected to the switch.
SW-DELTACONFIG-1# sh mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    1111.1111.1111    DYNAMIC     Fa0/1
   2    2222.2222.2222    DYNAMIC     Fa0/2
   3    3333.3333.3333    DYNAMIC     Fa0/3
   4    4444.4444.4444    DYNAMIC     Fa0/4
Because of the large number of entries usually present in this table, it is recommended to filter on the MAC address you need; the last four characters are enough. In our case the search for MAC address 78ac.c0bb.74f2 looks like this:

SW-DELTACONFIG-1#sh mac address-table | inc 74f2
  10    78ac.c0bb.74f2    DYNAMIC     Gi0/1

The output line shows that the host is in Vlan 10 and is connected to switch port GigabitEthernet 0/1.
If you have a small office and the whole network is built on one single switch, the search is over. However, if you manage several devices, the port found on the current switch may lead not to the end host but to another switch. In that case you must repeat the search in the MAC address table of the neighboring switch.
If there are several switches in the office network, two commands help you determine the name and management address of the neighboring switch you need: sh cdp neighbors, which shows the names and connected ports of all Cisco switches attached to the current one, and sh cdp neighbors detail, whose output additionally includes the IP addresses for managing the neighboring switches.
SW-DELTACONFIG-1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW-TEST-2        Gig 0/1           123        S I         WS-C3560G-Gig 0/18

Device ID (SW-TEST-2): the name of the neighboring device
Local Intrfce (Gig 0/1): the local interface to which the neighboring switch is connected
Port ID (Gig 0/18): the interface of the neighboring switch.
SW-DELTACONFIG-1#sh cdp nei detail
-------------------------
Device ID: SW-TEST-2
Entry address(es):
  IP address: 192.168.1.202
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/18
Holdtime : 144 sec

Now you need to log in to the neighboring switch SW-TEST-2 at management address 192.168.1.202 and search for the MAC address there.
With a little practice, this method lets you find hosts in a network of any size in no more than a couple of minutes, without leaving your desk.
Use these:
show cdp neighbor
show mac address-table
show ip arp

show cdp neighbor
This will show you other Cisco devices (switches/routers/WAPs/fibre switches) connected to the switch, tell you on which port they are connected to the switch, what their remote device name/IP are, what model they are, and on what interface on the remote device they connect to that port.

show mac address-table
This will show the MAC addresses to the ports, and is somewhat useful as you can use utilities to find the manufacturers, and you can get that info from the other devices individually.
However, if you have port channels/trunks you'll want to figure out where they connect to and check those devices again.

show ip arp
This will save you a TON of time: as long as you have an IP address configured on the switch for each VLAN it contains for the local network, you can see which IPs in that network match which MAC addresses from the previous command.
I.e. this spits out a list of IP addresses to MAC addresses to VLANs.
You can easily use Excel to map the ports that have MAC addresses found in show mac address-table to the IPs that match the MAC addresses from show ip arp.
Add in that if you're in a domain you can get the DNS zone file and match the IPs.
In a Windows environment you can easily run DNSCMD on your domain controller to quickly output a list of FQDNs to IPs, and you can list most of your infrastructure by name to port.
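The host-location procedure from the article above (ARP table, then MAC address table, then CDP neighbors) and the ARP-to-MAC-table mapping the comment above describes, as an added example that is not code from either author. It parses constructed sample output modelled on the article's examples and decides, for one switch, whether the port found is an edge port or an uplink to a CDP neighbor whose table must be searched next.

```python
import re
# Added example (not from the article or the comment above): chain the lookups
# sh arp -> sh mac address-table -> sh cdp neighbors detail as the text describes.
# All sample output is constructed after the article's examples.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.100         236   78ac.c0bb.74f2  ARPA   Vlan10
Internet  192.168.10.101           5   0011.2233.4455  ARPA   Vlan10
"""
MAC_TABLE_OUTPUT = """\
  10    78ac.c0bb.74f2    DYNAMIC     Gi0/1
  10    0011.2233.4455    DYNAMIC     Fa0/7
"""
CDP_DETAIL_OUTPUT = """\
-------------------------
Device ID: SW-TEST-2
  IP address: 192.168.1.202
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/18
"""
def find_row(output, key_col, key):
    """Fields of the first whitespace-split row whose column key_col equals key."""
    for f in (line.split() for line in output.splitlines()):
        if len(f) > key_col and f[key_col] == key:
            return f
    return None
def cdp_neighbors(cdp_detail_output):
    """Map local interface -> (neighbor Device ID, management IP), keyed by the
    abbreviated name (GigabitEthernet0/1 -> Gi0/1) that the MAC table prints."""
    found = {}
    for entry in cdp_detail_output.split("-------------------------"):
        dev = re.search(r"Device ID: (\S+)", entry)
        ip = re.search(r"IP address: (\S+)", entry)
        intf = re.search(r"Interface: ([^,\s]+)", entry)
        if dev and ip and intf:
            short = re.sub(r"^([A-Z][a-z])[A-Za-z]*", r"\1", intf.group(1))
            found[short] = (dev.group(1), ip.group(1))
    return found
def locate(ip, arp_output, mac_table_output, cdp_detail_output):
    """One hop of the search: ('edge-port', port, None) when the host hangs off
    the port, ('next-hop', port, neighbor_ip) when another switch does."""
    arp = find_row(arp_output, 1, ip)            # Hardware Addr is column 3
    if arp is None:
        return ("no-arp-entry", None, None)
    row = find_row(mac_table_output, 1, arp[3])  # Ports is column 3
    if row is None:
        return ("mac-not-seen", None, None)
    neighbor = cdp_neighbors(cdp_detail_output).get(row[3])
    if neighbor:
        return ("next-hop", row[3], neighbor[1])
    return ("edge-port", row[3], None)
```

When locate returns "next-hop", collect the same three outputs from the neighbor at the returned IP and call it again until an edge port is reported.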
your_switch2#show interfaces Fa0/13
FastEthernet0/13 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0018.7300.1122 (bia 0018.7300.1122)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 50000 bits/sec, 11 packets/sec
5 minute output rate 125000 bits/sec, 19 packets/sec
17009916 packets input, 2224460537 bytes, 0 no buffer
Received 49139 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 28 multicast, 0 pause input
0 input packets with dribble condition detected
53834839 packets output, 3153486266 bytes, 0 underruns
0 output errors, 8 collisions, 2 interface resets
0 babbles, 35 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out