How do I get the port on a switch that a PC is connected to. - SNMP

This is a discussion on How do I get the port on a switch that a PC is connected to. - SNMP ; Hi, I need to know the sequence of SNMP object ID's (OID's) that I need to send to a switch (via SNMP) in order to work out exactly which physical port on the switch a particular PC is connected to. ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: How do I get the port on a switch that a PC is connected to.

  1. How do I get the port on a switch that a PC is connected to.

    Hi,
    I need to know the sequence of SNMP object ID's (OID's) that I need to
    send to a switch (via SNMP) in order to work out exactly which
    physical port on the switch a particular PC is connected to.

    That is, I have some code that can, using SNMP, send OID's to
    successfully query a switch to get the switch's description, etc.

    But I need to know how I can dynamically query the switch (using
    OID's) to find out which port on the switch a particular machine is
    connected to.

    Thanks in advance.

  2. Re: How do I get the port on a switch that a PC is connected to.

    On Jan 11, 11:40*pm, Wayne.Co...@cybview.com wrote:
    > Hi,
    > I need to know the sequence of SNMP object ID's (OID's) that I need to
    > send to a switch (via SNMP) *in order to work out exactly which
    > physical port on the switch a particular PC is connected to.
    >


    Assuming you know the PCs IP or MAC,

    1. Use the atTable in MIB-2
    snmpwalk the atTable until you find the PC's atNetAddress or
    atPhysAddress.
    When you find a match, the atIfIndex is the switch port you want
    (you can get the description from ifTable if you want)

    2. If your switch supports BRIDGE-MIB
    Use the dot1dTpFdbTable. You can query the switch
    directly using the PCs MAC address.


    Hope that helps,

    -----
    Vivek Rajan
    Unleash Networks


    > That is, I have some code that can, using SNMP, send OID's to
    > successfully query a switch to get the switch's description, etc.
    >
    > But I need to know how I can dynamically query the switch (using
    > OID's) to find out which port on the switch a particular machine is
    > connected to.
    >
    > Thanks in advance.



  3. Re: How do I get the port on a switch that a PC is connected to.

    On Jan 12, 4:46 pm, VivekRajan wrote:
    > On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:
    >
    > > Hi,
    > > I need to know the sequence of SNMP object ID's (OID's) that I need to
    > > send to a switch (via SNMP) in order to work out exactly which
    > > physical port on the switch a particular PC is connected to.

    >
    > Assuming you know the PCs IP or MAC,
    >
    > 1. Use the atTable in MIB-2
    > snmpwalk the atTable until you find the PC's atNetAddress or
    > atPhysAddress.
    > When you find a match, the atIfIndex is the switch port you want
    > (you can get the description from ifTable if you want)
    >
    > 2. If your switch supports BRIDGE-MIB
    > Use the dot1dTpFdbTable. You can query the switch
    > directly using the PCs MAC address.
    >
    > Hope that helps,
    >
    > -----
    > Vivek Rajan
    > Unleash Networks
    >
    >
    >
    > > That is, I have some code that can, using SNMP, send OID's to
    > > successfully query a switch to get the switch's description, etc.

    >
    > > But I need to know how I can dynamically query the switch (using
    > > OID's) to find out which port on the switch a particular machine is
    > > connected to.

    >
    > > Thanks in advance.- Hide quoted text -

    >
    > - Show quoted text -





    Thanks Vivek, but I'm not sure of what you mean or how to put into
    practise what you have written.

    So let me make myself clear.

    I can use SNMP to send the switch the object identifier
    "1.3.6.1.2.1.1.1.0" in order to get the switch's
    description(sysDescription).

    I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
    to get it to return the total time it has been up-and-running
    (SysUptime)

    All this I can do, easily via SNMP because these are clearly
    documented SNMP instructions.

    What I need is a similar sequence of object identifiers that will in
    some way give me the port number that a particular PC (in relation to
    its IP or Mac Address) is physically connected to.


    I've used SnmpWalk and as far as I can see I cannot find my machines
    Mac Address in the outputted data (even though there are some Mac
    Addresses listed).


    I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
    number of network interfaces supported by the switch (apparently) and
    then used the information returned to get back data matching Mac
    Addresses to text in the form of "Vlan100", "Vlan101", etc.

    But I don't understand it.


    Is there a way (there is but I can't remember it) to simply use a
    sequence of OID's to query a switch so that
    it returns data that I can interrogate in order to find out what
    machine is connected to each physical port on the switch?

    For example, an OID to return all of the IP or Mac Addresses of the
    machines connected to the switch
    and then some other OID that I can use to match those IP or Mac
    Addresses to a physical port on the switch.

    Or indeed something of the form of the deprecated SNMP command
    "tcpConnLocalPort" which apparently returned the port number of the
    current TCP connection to that SNMP compatible device (even though I
    don't appear to be able to connect up to the switch via TCP)

    Because from current, as well as past, experience, as far as I can
    tell SNMP is far from SIMPLE.


    Any advice from any SNMP experts would be much appreciated.



    PS

    Vivek,

    Your second option talked about using the dot1dTpFdb Table.

    How do I access that, using an OID (i.e. What is the OID for it?)

    RE: "You can query the switch directly using the PCs MAC address."

    I thought that you could only send OID messages to the switch?

    PPS

    I'm using a general Cisco switch, by the way.

    So I'm not using anything obscure.

  4. Re: How do I get the port on a switch that a PC is connected to.

    Let me try to explain.

    With SNMP there are two distinct concepts.

    1. The information. This varies from vendor to vendor, and sometimes
    model to model. So when you say, "the command tcpConnLocalPort" - you
    would be wrong. The tcpConnLocalPort is not a command, it just refers
    to a bunch of information maintained by the switch. An OID is just a
    number to identify a particular piece of information.
    If the switch maintains this information, you are in luck and you can
    yank it out of the switch.

    2. The operations. These are the SNMP commands used to yank out
    information from the switch. You would use the GET command (requires
    the exact OID) or the GETNEXT command (does not require the exact
    OID). There are also other commands like TRAP (you may ignore them for
    now).

    Now, about your problem of mapping out PCs to switch ports.

    There are atleast two ways,

    1) Use the atTable (OID = .1.3.6.1.2.1.3.1.1 )
    send a snmpwalk command to the above OID. The output will contain
    enough information for you to make the mapping.

    2) Using the dot1dFdbTable (OID = .1.3.6.1.2.1.17.4.3 )
    send a snmpwalk command to the above OID and observe the output.
    The advantage of this method is you can directly get the port of the
    switch if you know the PCs mac address. For example : if the PC you
    are trying to track has a mac address of 00:01:02:03:04:05

    you can send a snmpget command

    snmpget .1.3.6.1.2.1.17.4.3. 2. 0.1.2.3.4.5 you will get a port number
    back (eg 20)

    Best way to master SNMP.

    The best way to start learning SNMP is to explore the switch using a
    MIB Walker. You can see for yourself how information is arranged in
    the switch. Once you have pinpointed which OIDs you want, you can then
    write scripts to pull it out and put the information together.

    The steps to get started with a MIB Walker are :

    1. Get a free SNMP Walker or MIB Walker ( You can try Unbrowse SNMP -
    it is completely free for such use. Disclaimer : I am a developer of
    the Unbrowse SNMP product !) There are other excellent free and some
    paid products too.

    2. Get hold of Cisco MIBs . The MIB (Management Information Base)
    tells you what each OID represents. Without these MIBs, you will be
    stuck with OIDs - which will confuse you further (If you are using
    Unbrowse SNMP, you can download and install all Cisco MIBs in a single
    click). Other products package the MIBs or allow you to download MIB
    files and compile them.

    3. You are now set. You can open the BRIDGE-MIB and pull out the
    entire dot1FdbTable from the switch and examine the output. You can
    also open the RFC-1213 MIB which contains the atTable. You can observe
    how information in the tables are stored and retrieved.

    SNMP is easy once you wrap your head around the concept of MIBs. The
    payoff from learning SNMP is huge. You could amaze your colleagues by
    writing these little scripts that pull out extremely nifty information
    from the network. In your case, it would be cool to write a tool to
    draw a list of PCs connected to each switch port.

    Good luck,

    Vivek Rajan
    Unleash Networks


    >
    > RE: "You can query the switch directly using the PCs MAC address."
    >
    > I thought that you could only send OID messages to the switch?


    You want to map port numbers to PCs (MAC addresses).
    On Jan 15, 5:32*pm, Wayne.Co...@cybview.com wrote:
    > On Jan 12, 4:46 pm, VivekRajan wrote:
    >
    >
    >
    >
    >
    > > On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:

    >
    > > > Hi,
    > > > I need to know the sequence of SNMP object ID's (OID's) that I need to
    > > > send to a switch (via SNMP) *in order to work out exactly which
    > > > physical port on the switch a particular PC is connected to.

    >
    > > Assuming you know the PCs IP or MAC,

    >
    > > 1. Use the atTable in MIB-2
    > > snmpwalk the atTable until you find the PC's atNetAddress or
    > > atPhysAddress.
    > > When you find a match, the atIfIndex is the switch port you want
    > > (you can get the description from ifTable if you want)

    >
    > > 2. If your switch supports BRIDGE-MIB
    > > Use the dot1dTpFdbTable. You can query the switch
    > > directly using the PCs MAC address.

    >
    > > Hope that helps,

    >
    > > -----
    > > Vivek Rajan
    > > Unleash Networks

    >
    > > > That is, I have some code that can, using SNMP, send OID's to
    > > > successfully query a switch to get the switch's description, etc.

    >
    > > > But I need to know how I can dynamically query the switch (using
    > > > OID's) to find out which port on the switch a particular machine is
    > > > connected to.

    >
    > > > Thanks in advance.- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Thanks Vivek, but I'm not sure of what you mean or how to put into
    > practise what you have written.
    >
    > So let me make myself clear.
    >
    > I can use SNMP to send the switch the object identifier
    > "1.3.6.1.2.1.1.1.0" in order to get the switch's
    > description(sysDescription).
    >
    > I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
    > to get it to return the total time it has been up-and-running
    > (SysUptime)
    >
    > All this I can do, easily via SNMP because these are clearly
    > documented SNMP instructions.
    >
    > What I need is a similar sequence of object identifiers that will in
    > some way give me the port number that a *particular PC (in relation to
    > its IP or Mac Address) is physically connected to.
    >
    > I've used SnmpWalk and as far as I can see I cannot find my machines
    > Mac Address in the outputted data (even though there are some Mac
    > Addresses listed).
    >
    > I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
    > number of network interfaces supported by the switch (apparently) and
    > then used the information returned to get back data matching Mac
    > Addresses to text in the form of "Vlan100", "Vlan101", etc.
    >
    > But I don't understand it.
    >
    > Is there a way (there is but I can't remember it) to simply use a
    > sequence of OID's to query a switch so that
    > it returns data that I can interrogate in order to find out what
    > machine is connected to each physical port on *the switch?
    >
    > For example, an OID to return all of the IP or Mac Addresses of the
    > machines connected to the switch
    > and then some other OID that I can use to match those IP or Mac
    > Addresses to a physical port on the switch.
    >
    > Or indeed something of the form of the deprecated SNMP command
    > "tcpConnLocalPort" which apparently returned the port number of the
    > current TCP connection to that SNMP compatible device (even though I
    > don't appear to be able to connect up to the switch via TCP)
    >
    > Because from current, as well as past, experience, as far as I can
    > tell SNMP is far from SIMPLE.
    >
    > Any advice from any SNMP experts would be much appreciated.
    >
    > PS
    >
    > Vivek,
    >
    > Your second option talked about using the dot1dTpFdb Table.
    >
    > How do I access that, using an OID (i.e. What is the OID for it?)
    >
    > RE: "You can query the switch directly using the PCs MAC address."
    >
    > I thought that you could only send OID messages to the switch?
    >
    > PPS
    >
    > I'm using a general Cisco switch, by the way.
    >
    > So I'm not using anything obscure.- Hide quoted text -
    >
    > - Show quoted text -



  5. Re: How do I get the port on a switch that a PC is connected to.

    Wayne.Cowan@cybview.com wrote:

    > So let me make myself clear.
    >
    > I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
    > number of network interfaces supported by the switch (apparently) and
    > then used the information returned to get back data matching Mac
    > Addresses to text in the form of "Vlan100", "Vlan101", etc.
    >
    > But I don't understand it.
    >
    >
    > Is there a way (there is but I can't remember it) to simply use a
    > sequence of OID's to query a switch so that
    > it returns data that I can interrogate in order to find out what
    > machine is connected to each physical port on the switch?


    I think there is no easy way. You might want to look into netdisco (see
    subroutine macsuck) how this is done.

    regards,
    --alfred


    P.S. netdisco is at

    http://netdisco.org/

  6. Re: How do I get the port on a switch that a PC is connected to.

    On Jan 15, 2:39 pm, VivekRajan wrote:
    > Let me try to explain.
    >
    > With SNMP there are two distinct concepts.
    >
    > 1. The information. This varies from vendor to vendor, and sometimes
    > model to model. So when you say, "the command tcpConnLocalPort" - you
    > would be wrong. The tcpConnLocalPort is not a command, it just refers
    > to a bunch of information maintained by the switch. An OID is just a
    > number to identify a particular piece of information.
    > If the switch maintains this information, you are in luck and you can
    > yank it out of the switch.
    >
    > 2. The operations. These are the SNMP commands used to yank out
    > information from the switch. You would use the GET command (requires
    > the exact OID) or the GETNEXT command (does not require the exact
    > OID). There are also other commands like TRAP (you may ignore them for
    > now).
    >
    > Now, about your problem of mapping out PCs to switch ports.
    >
    > There are atleast two ways,
    >
    > 1) Use the atTable (OID = .1.3.6.1.2.1.3.1.1 )
    > send a snmpwalk command to the above OID. The output will contain
    > enough information for you to make the mapping.
    >
    > 2) Using the dot1dFdbTable (OID = .1.3.6.1.2.1.17.4.3 )
    > send a snmpwalk command to the above OID and observe the output.
    > The advantage of this method is you can directly get the port of the
    > switch if you know the PCs mac address. For example : if the PC you
    > are trying to track has a mac address of 00:01:02:03:04:05
    >
    > you can send a snmpget command
    >
    > snmpget .1.3.6.1.2.1.17.4.3. 2. 0.1.2.3.4.5 you will get a port number
    > back (eg 20)
    >
    > Best way to master SNMP.
    >
    > The best way to start learning SNMP is to explore the switch using a
    > MIB Walker. You can see for yourself how information is arranged in
    > the switch. Once you have pinpointed which OIDs you want, you can then
    > write scripts to pull it out and put the information together.
    >
    > The steps to get started with a MIB Walker are :
    >
    > 1. Get a free SNMP Walker or MIB Walker ( You can try Unbrowse SNMP -
    > it is completely free for such use. Disclaimer : I am a developer of
    > the Unbrowse SNMP product !) There are other excellent free and some
    > paid products too.
    >
    > 2. Get hold of Cisco MIBs . The MIB (Management Information Base)
    > tells you what each OID represents. Without these MIBs, you will be
    > stuck with OIDs - which will confuse you further (If you are using
    > Unbrowse SNMP, you can download and install all Cisco MIBs in a single
    > click). Other products package the MIBs or allow you to download MIB
    > files and compile them.
    >
    > 3. You are now set. You can open the BRIDGE-MIB and pull out the
    > entire dot1FdbTable from the switch and examine the output. You can
    > also open the RFC-1213 MIB which contains the atTable. You can observe
    > how information in the tables are stored and retrieved.
    >
    > SNMP is easy once you wrap your head around the concept of MIBs. The
    > payoff from learning SNMP is huge. You could amaze your colleagues by
    > writing these little scripts that pull out extremely nifty information
    > from the network. In your case, it would be cool to write a tool to
    > draw a list of PCs connected to each switch port.
    >
    > Good luck,
    >
    > Vivek Rajan
    > Unleash Networks
    >
    >
    >
    > > RE: "You can query the switch directly using the PCs MAC address."

    >
    > > I thought that you could only send OID messages to the switch?

    >
    > You want to map port numbers to PCs (MAC addresses).
    > On Jan 15, 5:32 pm, Wayne.Co...@cybview.com wrote:
    >
    >
    >
    > > On Jan 12, 4:46 pm, VivekRajan wrote:

    >
    > > > On Jan 11, 11:40 pm, Wayne.Co...@cybview.com wrote:

    >
    > > > > Hi,
    > > > > I need to know the sequence of SNMP object ID's (OID's) that I need to
    > > > > send to a switch (via SNMP) in order to work out exactly which
    > > > > physical port on the switch a particular PC is connected to.

    >
    > > > Assuming you know the PCs IP or MAC,

    >
    > > > 1. Use the atTable in MIB-2
    > > > snmpwalk the atTable until you find the PC's atNetAddress or
    > > > atPhysAddress.
    > > > When you find a match, the atIfIndex is the switch port you want
    > > > (you can get the description from ifTable if you want)

    >
    > > > 2. If your switch supports BRIDGE-MIB
    > > > Use the dot1dTpFdbTable. You can query the switch
    > > > directly using the PCs MAC address.

    >
    > > > Hope that helps,

    >
    > > > -----
    > > > Vivek Rajan
    > > > Unleash Networks

    >
    > > > > That is, I have some code that can, using SNMP, send OID's to
    > > > > successfully query a switch to get the switch's description, etc.

    >
    > > > > But I need to know how I can dynamically query the switch (using
    > > > > OID's) to find out which port on the switch a particular machine is
    > > > > connected to.

    >
    > > > > Thanks in advance.- Hide quoted text -

    >
    > > > - Show quoted text -

    >
    > > Thanks Vivek, but I'm not sure of what you mean or how to put into
    > > practise what you have written.

    >
    > > So let me make myself clear.

    >
    > > I can use SNMP to send the switch the object identifier
    > > "1.3.6.1.2.1.1.1.0" in order to get the switch's
    > > description(sysDescription).

    >
    > > I can send the switch the object identifier (OID) "1.3.6.1.2.1.1.3.0"
    > > to get it to return the total time it has been up-and-running
    > > (SysUptime)

    >
    > > All this I can do, easily via SNMP because these are clearly
    > > documented SNMP instructions.

    >
    > > What I need is a similar sequence of object identifiers that will in
    > > some way give me the port number that a particular PC (in relation to
    > > its IP or Mac Address) is physically connected to.

    >
    > > I've used SnmpWalk and as far as I can see I cannot find my machines
    > > Mac Address in the outputted data (even though there are some Mac
    > > Addresses listed).

    >
    > > I have, however, by using the "1.3.6.1.2.1.2.1.0" OID retrieved the
    > > number of network interfaces supported by the switch (apparently) and
    > > then used the information returned to get back data matching Mac
    > > Addresses to text in the form of "Vlan100", "Vlan101", etc.

    >
    > > But I don't understand it.

    >
    > > Is there a way (there is but I can't remember it) to simply use a
    > > sequence of OID's to query a switch so that
    > > it returns data that I can interrogate in order to find out what
    > > machine is connected to each physical port on the switch?

    >
    > > For example, an OID to return all of the IP or Mac Addresses of the
    > > machines connected to the switch
    > > and then some other OID that I can use to match those IP or Mac
    > > Addresses to a physical port on the switch.

    >
    > > Or indeed something of the form of the deprecated SNMP command
    > > "tcpConnLocalPort" which apparently returned the port number of the
    > > current TCP connection to that SNMP compatible device (even though I
    > > don't appear to be able to connect up to the switch via TCP)

    >
    > > Because from current, as well as past, experience, as far as I can
    > > tell SNMP is far from SIMPLE.

    >
    > > Any advice from any SNMP experts would be much appreciated.

    >
    > > PS

    >
    > > Vivek,

    >
    > > Your second option talked about using the dot1dTpFdb Table.

    >
    > > How do I access that, using an OID (i.e. What is the OID for it?)

    >
    > > RE: "You can query the switch directly using the PCs MAC address."

    >
    > > I thought that you could only send OID messages to the switch?

    >
    > > PPS

    >
    > > I'm using a general Cisco switch, by the way.

    >
    > > So I'm not using anything obscure.- Hide quoted text -

    >
    > > - Show quoted text -- Hide quoted text -

    >
    > - Show quoted text -




    Thanks Vivek, your advice and opinion are greatly appreciated.

    One last question:

    I prefer the snmpget solution because I'm already using SNMPGET, with
    valid OID's, to successfully query the switch for information.

    From your example, you used a base OID of .1.3.6.1.2.1.17.4.3 then a
    space, the number 2, a dot and then another space was tacked onto the
    end of it. This was then followed by the Mac Address for which the
    port should refer to.

    i.e. "snmpget.1.3.6.1.2.1.17.4.3" + ". 2. " + Mac Address

    Can you confirm that that wasn't a typo/error?

    Also, the numbers in your Mac Address were below 10 so HEX conversions
    would not be needed. Should Mac Address subsections greater than 10 be
    specified in HEX or normal (base 10) integer form?

    Finally, for a more concrete example, if I have a machine with a Mac
    Address of 00-11-85-8D-19-BC, which I do, what would be the format of
    the snmpget query that you made?

    Would it be in the form:

    snmpget .1.3.6.1.2.1.17.4.3. 2. 0.17.133.141.25.188 (with the
    HEX converted into integer form?)

    And is there a similar OID for IP addresses that returns the switch
    port of the machine for a given IP address?

    Thanks again.



  7. Re: How do I get the port on a switch that a PC is connected to.

    Hi,
    there is a chance to identify a switch port on wich is connected another switch?
    My task is to find only the ports on wich computers are connected.

    Switch Description : Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Mon 09-Mar-09 18:10 by gereddy
    Thanks in advance,
    dumitru olteanu

  8. Re: How do I get the port on a switch that a PC is connected to.

    hi, i'm trying to broadband a internet connection through my 3com 4500 switch but not reaching.

    situation: internet adsl router, my computer nic card must have ip 200.161.131.72 and gateway 200.161.131.65 for internet connection.

    can i plug the internet router directly to 3com switch to broadband connection ?

    i've tried this, put 200.161.131.72 for switch ip address; 200.161.131.65 and my internal lan 200.161.131.0 in the switch static routing table and nothing happens

    what would be the appropriate configuration for this situation ?

    thanks

+ Reply to Thread