[c-nsp] MAC address from cisco IOS switches

mack mack at exchange.alphared.com
Mon Jan 28 21:49:45 EST 2008 

> -----Original Message-----
> Subject: cisco-nsp Digest, Vol 62, Issue 115
>
>
> Message: 9
> Date: Mon, 28 Jan 2008 12:50:47 -0800
> From: Prabhu Gurumurthy <pgurumu at gmail.com>
> Subject: [c-nsp] MAC address from cisco IOS switches
> To: cisco-nsp at puck.nether.net
> Message-ID: <479E4027.1080606 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> All,
>
> We have close to 15 2960 switches connected to twin 3750's with 15+
> VLANs in the
> domain. 3750's are stacked and it is the VTP server with 2960's being
> client.
> There are no switches acting in transparent mode.
>
> I want to get the MAC addresses from 3750's and 2960 using SNMP,
> instead of
> logging into each switch and looking up mac address using sh mac
> address-table.
>
> I looked through Cisco website and stumbled upon this website:
> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186
> a00801c9199.shtml
>
> This document deals only with Catalyst not IOS. Is there a easy way to
> get MAC
> entries using SNMP on IOS switch.
>
> BTW I am using
> pgurumur-vm-openbsd (OpenBSD): [~]
> 10.200.3.0: [1500]$  snmpget -v 1 -c silver4ro c2960-04 sysDescr.0
> SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960 Software
> (C2960-LANBASEK9-M), Version 12.2(37)SE, RELEASE SOFTWARE (fc2)
> Copyright (c) 1986-2007 by Cisco Systems, Inc.
> Compiled Thu 10-May-07 16:43 by antonino
>
> when I query RFC1213-MIB::atPhysAddress I am getting the following
> entries but
> not the entire list
>

This is the wrong community to retrieve the full table:

You must issue one mac-address retrieval walk for each vlan.
This uses indexed community strings ie.

indexed community string = <regular community string>@<vlan index>

The following document explains community string indexing:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801576ff.shtml

This document and

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml

Apply to both CatOS and Cisco IOS.

The correct oid to get the mac address list is: 1.3.6.1.2.1.17.4.3.1.1

On larger platforms (6509 for example) with larger mac address tables this can be a very long process causing
excessive CPU load.

Matching bridge IDs with mac-addresses uses OID: 1.3.6.1.2.1.17.4.3.1.2
This is probably easiest to use if you are writing custom software.

If you need to get the port you have to also get the bridge id and ifnum mappings.

Another poster suggested using SNMP v2 which is not necessary but is recommended.

--
LR Mack McBride
Network Administrator
Alpha Red, Inc

More information about the cisco-nsp mailing list