Printable View
Hi,
I need to know the sequence of SNMP object ID's (OID's) that I need to
send to a switch (via SNMP) in order to work out exactly which
physical port on the switch a particular PC is connected to.
That is, I have some code that can, using SNMP, send OID's to
successfully query a switch to get the switch's description, etc.
But I need to know how I can dynamically query the switch (using
OID's) to find out which port on the switch a particular machine is
connected to.
Thanks in advance.
On Jan 11, 11:40*pm, Wayne.Co...@cybview.com wrote:[color=blue]
> Hi,
> I need to know the sequence of SNMP object ID's (OID's) that I need to
> send to a switch (via SNMP) *in order to work out exactly which
> physical port on the switch a particular PC is connected to.
>[/color]
Assuming you know the PCs IP or MAC,
1. Use the atTable in MIB-2
snmpwalk the atTable until you find the PC's atNetAddress or
atPhysAddress.
When you find a match, the atIfIndex is the switch port you want
(you can get the description from ifTable if you want)
2. If your switch supports BRIDGE-MIB
Use the dot1dTpFdbTable. You can query the switch
directly using the PCs MAC address.
Hope that helps,
-----
Vivek Rajan
Unleash Networks
[color=blue]
> That is, I have some code that can, using SNMP, send OID's to
> successfully query a switch to get the switch's description, etc.
>
> But I need to know how I can dynamically query the switch (using
> OID's) to find out which port on the switch a particular machine is
> connected to.
>
> Thanks in advance.[/color]
On Jan 12, 4:46 pm, VivekRajan <vivek_rajago...@yahoo.com> wrote:[color=blue]
> On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:
>[color=green]
> > Hi,
> > I need to know the sequence of SNMP object ID's (OID's) that I need to
> > send to a switch (via SNMP) in order to work out exactly which
> > physical port on the switch a particular PC is connected to.[/color]
>
> Assuming you know the PCs IP or MAC,
>
> 1. Use the atTable in MIB-2
> snmpwalk the atTable until you find the PC's atNetAddress or
> atPhysAddress.
> When you find a match, the atIfIndex is the switch port you want
> (you can get the description from ifTable if you want)
>
> 2. If your switch supports BRIDGE-MIB
> Use the dot1dTpFdbTable. You can query the switch
> directly using the PCs MAC address.
>
> Hope that helps,
>
> -----
> Vivek Rajan
> Unleash Networks
>
>
>[color=green]
> > That is, I have some code that can, using SNMP, send OID's to
> > successfully query a switch to get the switch's description, etc.[/color]
>[color=green]
> > But I need to know how I can dynamically query the switch (using
> > OID's) to find out which port on the switch a particular machine is
> > connected to.[/color]
>[color=green]
> > Thanks in advance.- Hide quoted text -[/color]
>
> - Show quoted text -[/color]
Thanks Vivek, but I'm not sure of what you mean or how to put into
practise what you have written.
So let me make myself clear.
I can use SNMP to send the switch the object identifier
"1.3.6.1.2.1.1.1.0" in order to get the switch's
description(sysDescription).
I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
to get it to return the total time it has been up-and-running
(SysUptime)
All this I can do, easily via SNMP because these are clearly
documented SNMP instructions.
What I need is a similar sequence of object identifiers that will in
some way give me the port number that a particular PC (in relation to
its IP or Mac Address) is physically connected to.
I've used SnmpWalk and as far as I can see I cannot find my machines
Mac Address in the outputted data (even though there are some Mac
Addresses listed).
I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
number of network interfaces supported by the switch (apparently) and
then used the information returned to get back data matching Mac
Addresses to text in the form of "Vlan100", "Vlan101", etc.
But I don't understand it.
Is there a way (there is but I can't remember it) to simply use a
sequence of OID's to query a switch so that
it returns data that I can interrogate in order to find out what
machine is connected to each physical port on the switch?
For example, an OID to return all of the IP or Mac Addresses of the
machines connected to the switch
and then some other OID that I can use to match those IP or Mac
Addresses to a physical port on the switch.
Or indeed something of the form of the deprecated SNMP command
"tcpConnLocalPort" which apparently returned the port number of the
current TCP connection to that SNMP compatible device (even though I
don't appear to be able to connect up to the switch via TCP)
Because from current, as well as past, experience, as far as I can
tell SNMP is far from SIMPLE.
Any advice from any SNMP experts would be much appreciated.
PS
Vivek,
Your second option talked about using the dot1dTpFdb Table.
How do I access that, using an OID (i.e. What is the OID for it?)
RE: "You can query the switch directly using the PCs MAC address."
I thought that you could only send OID messages to the switch?
PPS
I'm using a general Cisco switch, by the way.
So I'm not using anything obscure.
Let me try to explain.
With SNMP there are two distinct concepts.
1. The information. This varies from vendor to vendor, and sometimes
model to model. So when you say, "the command tcpConnLocalPort" - you
would be wrong. The tcpConnLocalPort is not a command, it just refers
to a bunch of information maintained by the switch. An OID is just a
number to identify a particular piece of information.
If the switch maintains this information, you are in luck and you can
yank it out of the switch.
2. The operations. These are the SNMP commands used to yank out
information from the switch. You would use the GET command (requires
the exact OID) or the GETNEXT command (does not require the exact
OID). There are also other commands like TRAP (you may ignore them for
now).
Now, about your problem of mapping out PCs to switch ports.
There are atleast two ways,
1) Use the atTable (OID = .1.3.6.1.2.1.3.1.1 )
send a snmpwalk command to the above OID. The output will contain
enough information for you to make the mapping.
2) Using the dot1dFdbTable (OID = .1.3.6.1.2.1.17.4.3 )
send a snmpwalk command to the above OID and observe the output.
The advantage of this method is you can directly get the port of the
switch if you know the PCs mac address. For example : if the PC you
are trying to track has a mac address of 00:01:02:03:04:05
you can send a snmpget command
snmpget .1.3.6.1.2.1.17.4.3. 2. 0.1.2.3.4.5 you will get a port number
back (eg 20)
Best way to master SNMP.
The best way to start learning SNMP is to explore the switch using a
MIB Walker. You can see for yourself how information is arranged in
the switch. Once you have pinpointed which OIDs you want, you can then
write scripts to pull it out and put the information together.
The steps to get started with a MIB Walker are :
1. Get a free SNMP Walker or MIB Walker ( You can try Unbrowse SNMP -
it is completely free for such use. Disclaimer : I am a developer of
the Unbrowse SNMP product !) There are other excellent free and some
paid products too.
2. Get hold of Cisco MIBs . The MIB (Management Information Base)
tells you what each OID represents. Without these MIBs, you will be
stuck with OIDs - which will confuse you further (If you are using
Unbrowse SNMP, you can download and install all Cisco MIBs in a single
click). Other products package the MIBs or allow you to download MIB
files and compile them.
3. You are now set. You can open the BRIDGE-MIB and pull out the
entire dot1FdbTable from the switch and examine the output. You can
also open the RFC-1213 MIB which contains the atTable. You can observe
how information in the tables are stored and retrieved.
SNMP is easy once you wrap your head around the concept of MIBs. The
payoff from learning SNMP is huge. You could amaze your colleagues by
writing these little scripts that pull out extremely nifty information
from the network. In your case, it would be cool to write a tool to
draw a list of PCs connected to each switch port.
Good luck,
Vivek Rajan
Unleash Networks
[color=blue]
>
> RE: "You can query the switch directly using the PCs MAC address."
>
> I thought that you could only send OID messages to the switch?[/color]
You want to map port numbers to PCs (MAC addresses).
On Jan 15, 5:32*pm, Wayne.Co...@cybview.com wrote:[color=blue]
> On Jan 12, 4:46 pm, VivekRajan <vivek_rajago...@yahoo.com> wrote:
>
>
>
>
>[color=green]
> > On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:[/color]
>[color=green][color=darkred]
> > > Hi,
> > > I need to know the sequence of SNMP object ID's (OID's) that I need to
> > > send to a switch (via SNMP) *in order to work out exactly which
> > > physical port on the switch a particular PC is connected to.[/color][/color]
>[color=green]
> > Assuming you know the PCs IP or MAC,[/color]
>[color=green]
> > 1. Use the atTable in MIB-2
> > snmpwalk the atTable until you find the PC's atNetAddress or
> > atPhysAddress.
> > When you find a match, the atIfIndex is the switch port you want
> > (you can get the description from ifTable if you want)[/color]
>[color=green]
> > 2. If your switch supports BRIDGE-MIB
> > Use the dot1dTpFdbTable. You can query the switch
> > directly using the PCs MAC address.[/color]
>[color=green]
> > Hope that helps,[/color]
>[color=green]
> > -----
> > Vivek Rajan
> > Unleash Networks[/color]
>[color=green][color=darkred]
> > > That is, I have some code that can, using SNMP, send OID's to
> > > successfully query a switch to get the switch's description, etc.[/color][/color]
>[color=green][color=darkred]
> > > But I need to know how I can dynamically query the switch (using
> > > OID's) to find out which port on the switch a particular machine is
> > > connected to.[/color][/color]
>[color=green][color=darkred]
> > > Thanks in advance.- Hide quoted text -[/color][/color]
>[color=green]
> > - Show quoted text -[/color]
>
> Thanks Vivek, but I'm not sure of what you mean or how to put into
> practise what you have written.
>
> So let me make myself clear.
>
> I can use SNMP to send the switch the object identifier
> "1.3.6.1.2.1.1.1.0" in order to get the switch's
> description(sysDescription).
>
> I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
> to get it to return the total time it has been up-and-running
> (SysUptime)
>
> All this I can do, easily via SNMP because these are clearly
> documented SNMP instructions.
>
> What I need is a similar sequence of object identifiers that will in
> some way give me the port number that a *particular PC (in relation to
> its IP or Mac Address) is physically connected to.
>
> I've used SnmpWalk and as far as I can see I cannot find my machines
> Mac Address in the outputted data (even though there are some Mac
> Addresses listed).
>
> I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
> number of network interfaces supported by the switch (apparently) and
> then used the information returned to get back data matching Mac
> Addresses to text in the form of "Vlan100", "Vlan101", etc.
>
> But I don't understand it.
>
> Is there a way (there is but I can't remember it) to simply use a
> sequence of OID's to query a switch so that
> it returns data that I can interrogate in order to find out what
> machine is connected to each physical port on *the switch?
>
> For example, an OID to return all of the IP or Mac Addresses of the
> machines connected to the switch
> and then some other OID that I can use to match those IP or Mac
> Addresses to a physical port on the switch.
>
> Or indeed something of the form of the deprecated SNMP command
> "tcpConnLocalPort" which apparently returned the port number of the
> current TCP connection to that SNMP compatible device (even though I
> don't appear to be able to connect up to the switch via TCP)
>
> Because from current, as well as past, experience, as far as I can
> tell SNMP is far from SIMPLE.
>
> Any advice from any SNMP experts would be much appreciated.
>
> PS
>
> Vivek,
>
> Your second option talked about using the dot1dTpFdb Table.
>
> How do I access that, using an OID (i.e. What is the OID for it?)
>
> RE: "You can query the switch directly using the PCs MAC address."
>
> I thought that you could only send OID messages to the switch?
>
> PPS
>
> I'm using a general Cisco switch, by the way.
>
> So I'm not using anything obscure.- Hide quoted text -
>
> - Show quoted text -[/color]
[email]Wayne.Cowan@cybview.com[/email] wrote:
[color=blue]
> So let me make myself clear.
>
> I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
> number of network interfaces supported by the switch (apparently) and
> then used the information returned to get back data matching Mac
> Addresses to text in the form of "Vlan100", "Vlan101", etc.
>
> But I don't understand it.
>
>
> Is there a way (there is but I can't remember it) to simply use a
> sequence of OID's to query a switch so that
> it returns data that I can interrogate in order to find out what
> machine is connected to each physical port on the switch?[/color]
I think there is no easy way. You might want to look into netdisco (see
subroutine macsuck) how this is done.
regards,
--alfred
P.S. netdisco is at
[url]http://netdisco.org/[/url]
On Jan 15, 2:39 pm, VivekRajan <vivek_rajago...@yahoo.com> wrote:[color=blue]
> Let me try to explain.
>
> With SNMP there are two distinct concepts.
>
> 1. The information. This varies from vendor to vendor, and sometimes
> model to model. So when you say, "the command tcpConnLocalPort" - you
> would be wrong. The tcpConnLocalPort is not a command, it just refers
> to a bunch of information maintained by the switch. An OID is just a
> number to identify a particular piece of information.
> If the switch maintains this information, you are in luck and you can
> yank it out of the switch.
>
> 2. The operations. These are the SNMP commands used to yank out
> information from the switch. You would use the GET command (requires
> the exact OID) or the GETNEXT command (does not require the exact
> OID). There are also other commands like TRAP (you may ignore them for
> now).
>
> Now, about your problem of mapping out PCs to switch ports.
>
> There are atleast two ways,
>
> 1) Use the atTable (OID = .1.3.6.1.2.1.3.1.1 )
> send a snmpwalk command to the above OID. The output will contain
> enough information for you to make the mapping.
>
> 2) Using the dot1dFdbTable (OID = .1.3.6.1.2.1.17.4.3 )
> send a snmpwalk command to the above OID and observe the output.
> The advantage of this method is you can directly get the port of the
> switch if you know the PCs mac address. For example : if the PC you
> are trying to track has a mac address of 00:01:02:03:04:05
>
> you can send a snmpget command
>
> snmpget .1.3.6.1.2.1.17.4.3. 2. 0.1.2.3.4.5 you will get a port number
> back (eg 20)
>
> Best way to master SNMP.
>
> The best way to start learning SNMP is to explore the switch using a
> MIB Walker. You can see for yourself how information is arranged in
> the switch. Once you have pinpointed which OIDs you want, you can then
> write scripts to pull it out and put the information together.
>
> The steps to get started with a MIB Walker are :
>
> 1. Get a free SNMP Walker or MIB Walker ( You can try Unbrowse SNMP -
> it is completely free for such use. Disclaimer : I am a developer of
> the Unbrowse SNMP product !) There are other excellent free and some
> paid products too.
>
> 2. Get hold of Cisco MIBs . The MIB (Management Information Base)
> tells you what each OID represents. Without these MIBs, you will be
> stuck with OIDs - which will confuse you further (If you are using
> Unbrowse SNMP, you can download and install all Cisco MIBs in a single
> click). Other products package the MIBs or allow you to download MIB
> files and compile them.
>
> 3. You are now set. You can open the BRIDGE-MIB and pull out the
> entire dot1FdbTable from the switch and examine the output. You can
> also open the RFC-1213 MIB which contains the atTable. You can observe
> how information in the tables are stored and retrieved.
>
> SNMP is easy once you wrap your head around the concept of MIBs. The
> payoff from learning SNMP is huge. You could amaze your colleagues by
> writing these little scripts that pull out extremely nifty information
> from the network. In your case, it would be cool to write a tool to
> draw a list of PCs connected to each switch port.
>
> Good luck,
>
> Vivek Rajan
> Unleash Networks
>
>
>[color=green]
> > RE: "You can query the switch directly using the PCs MAC address."[/color]
>[color=green]
> > I thought that you could only send OID messages to the switch?[/color]
>
> You want to map port numbers to PCs (MAC addresses).
> On Jan 15, 5:32 pm, Wayne.Co...@cybview.com wrote:
>
>
>[color=green]
> > On Jan 12, 4:46 pm, VivekRajan <vivek_rajago...@yahoo.com> wrote:[/color]
>[color=green][color=darkred]
> > > On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:[/color][/color]
>[color=green][color=darkred]
> > > > Hi,
> > > > I need to know the sequence of SNMP object ID's (OID's) that I need to
> > > > send to a switch (via SNMP) in order to work out exactly which
> > > > physical port on the switch a particular PC is connected to.[/color][/color]
>[color=green][color=darkred]
> > > Assuming you know the PCs IP or MAC,[/color][/color]
>[color=green][color=darkred]
> > > 1. Use the atTable in MIB-2
> > > snmpwalk the atTable until you find the PC's atNetAddress or
> > > atPhysAddress.
> > > When you find a match, the atIfIndex is the switch port you want
> > > (you can get the description from ifTable if you want)[/color][/color]
>[color=green][color=darkred]
> > > 2. If your switch supports BRIDGE-MIB
> > > Use the dot1dTpFdbTable. You can query the switch
> > > directly using the PCs MAC address.[/color][/color]
>[color=green][color=darkred]
> > > Hope that helps,[/color][/color]
>[color=green][color=darkred]
> > > -----
> > > Vivek Rajan
> > > Unleash Networks[/color][/color]
>[color=green][color=darkred]
> > > > That is, I have some code that can, using SNMP, send OID's to
> > > > successfully query a switch to get the switch's description, etc.[/color][/color]
>[color=green][color=darkred]
> > > > But I need to know how I can dynamically query the switch (using
> > > > OID's) to find out which port on the switch a particular machine is
> > > > connected to.[/color][/color]
>[color=green][color=darkred]
> > > > Thanks in advance.- Hide quoted text -[/color][/color]
>[color=green][color=darkred]
> > > - Show quoted text -[/color][/color]
>[color=green]
> > Thanks Vivek, but I'm not sure of what you mean or how to put into
> > practise what you have written.[/color]
>[color=green]
> > So let me make myself clear.[/color]
>[color=green]
> > I can use SNMP to send the switch the object identifier
> > "1.3.6.1.2.1.1.1.0" in order to get the switch's
> > description(sysDescription).[/color]
>[color=green]
> > I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
> > to get it to return the total time it has been up-and-running
> > (SysUptime)[/color]
>[color=green]
> > All this I can do, easily via SNMP because these are clearly
> > documented SNMP instructions.[/color]
>[color=green]
> > What I need is a similar sequence of object identifiers that will in
> > some way give me the port number that a particular PC (in relation to
> > its IP or Mac Address) is physically connected to.[/color]
>[color=green]
> > I've used SnmpWalk and as far as I can see I cannot find my machines
> > Mac Address in the outputted data (even though there are some Mac
> > Addresses listed).[/color]
>[color=green]
> > I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
> > number of network interfaces supported by the switch (apparently) and
> > then used the information returned to get back data matching Mac
> > Addresses to text in the form of "Vlan100", "Vlan101", etc.[/color]
>[color=green]
> > But I don't understand it.[/color]
>[color=green]
> > Is there a way (there is but I can't remember it) to simply use a
> > sequence of OID's to query a switch so that
> > it returns data that I can interrogate in order to find out what
> > machine is connected to each physical port on the switch?[/color]
>[color=green]
> > For example, an OID to return all of the IP or Mac Addresses of the
> > machines connected to the switch
> > and then some other OID that I can use to match those IP or Mac
> > Addresses to a physical port on the switch.[/color]
>[color=green]
> > Or indeed something of the form of the deprecated SNMP command
> > "tcpConnLocalPort" which apparently returned the port number of the
> > current TCP connection to that SNMP compatible device (even though I
> > don't appear to be able to connect up to the switch via TCP)[/color]
>[color=green]
> > Because from current, as well as past, experience, as far as I can
> > tell SNMP is far from SIMPLE.[/color]
>[color=green]
> > Any advice from any SNMP experts would be much appreciated.[/color]
>[color=green]
> > PS[/color]
>[color=green]
> > Vivek,[/color]
>[color=green]
> > Your second option talked about using the dot1dTpFdb Table.[/color]
>[color=green]
> > How do I access that, using an OID (i.e. What is the OID for it?)[/color]
>[color=green]
> > RE: "You can query the switch directly using the PCs MAC address."[/color]
>[color=green]
> > I thought that you could only send OID messages to the switch?[/color]
>[color=green]
> > PPS[/color]
>[color=green]
> > I'm using a general Cisco switch, by the way.[/color]
>[color=green]
> > So I'm not using anything obscure.- Hide quoted text -[/color]
>[color=green]
> > - Show quoted text -- Hide quoted text -[/color]
>
> - Show quoted text -[/color]
Thanks Vivek, your advice and opinion are greatly appreciated.
One last question:
I prefer the snmpget solution because I'm already using SNMPGET, with
valid OID's, to successfully query the switch for information.
From your example, you used a base OID of .1.3.6.1.2.1.17.4.3 then a
space, the number 2, a dot and then another space was tacked onto the
end of it. This was then followed by the Mac Address for which the
port should refer to.
i.e. "snmpget.1.3.6.1.2.1.17.4.3" + ". 2. " + Mac Address
Can you confirm that that wasn't a typo/error?
Also, the numbers in your Mac Address were below 10 so HEX conversions
would not be needed. Should Mac Address subsections greater than 10 be
specified in HEX or normal (base 10) integer form?
Finally, for a more concrete example, if I have a machine with a Mac
Address of 00-11-85-8D-19-BC, which I do, what would be the format of
the snmpget query that you made?
Would it be in the form:
snmpget .1.3.6.1.2.1.17.4.3. 2. 0.17.133.141.25.188 (with the
HEX converted into integer form?)
And is there a similar OID for IP addresses that returns the switch
port of the machine for a given IP address?
Thanks again.
Hi,
there is a chance to identify a switch port on wich is connected another switch?
My task is to find only the ports on wich computers are connected.
Switch Description : Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Mon 09-Mar-09 18:10 by gereddy
Thanks in advance,
dumitru olteanu
hi, i'm trying to broadband a internet connection through my 3com 4500 switch but not reaching.
situation: internet adsl router, my computer nic card must have ip 200.161.131.72 and gateway 200.161.131.65 for internet connection.
can i plug the internet router directly to 3com switch to broadband connection ?
i've tried this, put 200.161.131.72 for switch ip address; 200.161.131.65 and my internal lan 200.161.131.0 in the switch static routing table and nothing happens
what would be the appropriate configuration for this situation ?
thanks