使用SNMP端口查找在Catalyst交换机的MAC地址
作者:互联网
简介
本文档介绍如何使用简单网络管理协议(SNMP)获取您知道MAC地址的Cisco Catalyst交换机上的端口号。
先决条件
要求
本文档的读者应掌握以下这些主题的相关知识:
-
如何使用SNMP从Catalyst交换机获取VLAN
-
如何使用SNMP的社区字符串索引
-
SNMP get命令和walk命令的一般用途
使用的组件
本文档适用于运行常规Catalyst OS(CatOS)或Cisco IOS®软件的Catalyst交换机。软件支持BRIDGE-MIB和IF-MIB。
本文档中的信息基于以下软件和硬件版本:
-
运行Cisco IOS软件版本12.0(5)WC5a的Catalyst 3524XL
-
Net-SNMP版本5.0.6
注意:要获取此软件,请参阅Net-SNMP
。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
规则
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
背景
有关如何查询内容可寻址存储器(CAM)表、VLAN和所有相关MIB(如CISCO-VTP-MIB和BRIDGE-MIB)的详细信息,请参阅文档如何获取动态CAM条目(CAM表)的背景部分使用SNMP的Catalyst交换机。
MIB变量的详细信息,包括对象标识符(OID)
.1.3.6.1.2.1.17.4.3.1.1 dot1dTpFdbAddress OBJECT-TYPE -- FROM BRIDGE-MIB -- TEXTUAL CONVENTION MacAddress SYNTAX OCTET STRING (6) MAX-ACCESS read-only STATUS Mandatory DESCRIPTION "A unicast MAC address for which the bridge has forwarding and/or filtering information." ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 1 } .1.3.6.1.2.1.17.4.3.1.2 dot1dTpFdbPort OBJECT-TYPE -- FROM BRIDGE-MIB SYNTAX Integer MAX-ACCESS read-only STATUS Mandatory DESCRIPTION "Either the value "0", or the port number of the port on which a frame having a source address equal to the value of the corresponding instance of dot1dTpFdbAddress has been seen. A value of "0" indicates that the port number has not been learned, but that the bridge does have some forwarding/filtering information about this address (that is, in the StaticTable). Implementors are encouraged to assign the port value to this object whenever it is learned, even for addresses for which the corresponding value of dot1dTpFdbStatus is not learned(3)." ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 2 } .1.3.6.1.2.1.2.2.1.1 ifIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-initialization of the entity's network management system to the next re- initialization." ::= { ifEntry 1 } .1.3.6.1.2.1.17.1.4.1.2 dot1dBasePortIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The value of the instance of the ifIndex object, defined in MIB-II, for the interface corresponding to this port." ::= { dot1dBasePortEntry 2 } .1.3.6.1.2.1.31.1.1.1.1 ifName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The textual name of the interface. The value of this object should be the name of the interface as assigned by the local device and should be suitable for use in commands entered at the device's `console'. This might be a text name, such as `le0' or a simple port number, such as `1', depending on the interface naming syntax of the device. If several entries in the ifTable together represent a single interface as named by the device, then each will have the same value of ifName. Note that for an agent which responds to SNMP queries concerning an interface on some other (proxied) device, then the value of ifName for such an interface is the proxied device's local name for it. If there is no local name, or this object is otherwise not applicable, then this object contains a zero-length string." ::= { ifXEntry 1 }
获取已获取MAC地址的端口号
逐步指导
完成本节中的步骤,以便使用SNMP获取已获取MAC地址的端口号。假设端口号在VLAN1中。
注意:在本节中的命令中:
-
public是读取社区字符串。
-
@1是读取社区字符串的VLAN 1部分。
-
crumpy是设备主机名。
注意:您也可以使用此主机名的IP地址。
注意:“结论”部分使用命令输出中斜体中显示的值。
-
检索VLAN。对vtpVlanState对象(.1.3.6.1.4.1.9.9.46.1.3.1.2)使用snmpwalk命令:
%snmpwalk -c public crumpy .1.3.6.1.4.1.9.9.46.1.3.1.1.2 CISCO-VTP-MIB::vtpVlanState.1.1 = INTEGER: operational(1) CISCO-VTP-MIB::vtpVlanState.1.3 = INTEGER: operational(1) CISCO-VTP-MIB::vtpVlanState.1.7 = INTEGER: operational(1) CISCO-VTP-MIB::vtpVlanState.1.10 = INTEGER: operational(1) ...
注意:此命令使用社区字符串索引。该命令还使用vtpVlanState,其OID为.1.3.6.1.4.1.9.46.1.3.1.1.2。如果已将MIB加载到网络管理系统(NMS),则可以使用对象名称而不是OID。请改为发出以下命令:
%snmpwalk -c public@1 crumpy vtpVlanState
注意:您还可以使用步骤2至6中的对象名称。
-
发出以下命令,以通过考虑端口属于VLAN1来获取MAC地址表:
snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.1 17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08 17.4.3.1.1.0.1.2.27.80.145 = Hex: 00 01 02 1B 50 91 17.4.3.1.1.0.1.3.72.77.90 = Hex: 00 01 03 48 4D 5A 17.4.3.1.1.0.1.3.72.221.191 = Hex: 00 01 03 48 DD BF ...
注意:在社区字符串后提供适当的VLAN编号。在本例中,它是VLAN1。
该命令列出在属于VLAN 1的所有端口上获知的所有MAC地址。
-
发出以下命令以确定VLAN 1的网桥端口号:
snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.2 17.4.3.1.2.0.0.12.7.172.8 = 13 17.4.3.1.2.0.1.2.27.80.128 = 13 17.4.3.1.2.0.1.2.27.80.145 = 13 17.4.3.1.2.0.1.2.163.145.225 = 13 ...
注意:VLAN 1是dot1dTpFdbPort,即.1.3.6.1.2.1.17.4.3.1.2。
-
发出以下命令将网桥端口映射到ifIndex,OID .1.3.6.1.2.2.2.1.1:
snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.1.4.1.2 17.1.4.1.2.13 = 2 17.1.4.1.2.14 = 3 17.1.4.1.2.15 = 4 17.1.4.1.2.16 = 5
此命令查询dot1dBasePortIfIndex,该索引的OID为。1.3.6.1.2.1.17.1.4.1.2。
-
将walk命令与ifName一起使用,以便将ifIndex值与正确的端口名称关联。
发出以下命令:
注: ifName具有OID.1.3.6.1.2.1.31.1.1.1。
snmpwalk -c public@1 crumpy .1.3.6.1.2.1.31.1.1.1.1 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.1 = VL1 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.3 = Fa0/2 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.4 = Fa0/3 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.5 = Fa0/4 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.6 = Fa0/5 ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.7 = Fa0/6 ...
-
将MAC地址链接到获取地址的端口。
-
从步骤1开始,MAC地址为:
17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
-
从步骤2中,网桥端口告知MAC地址属于网桥端口号13:
17.4.3.1.2.0.0.12.7.172.8 = 13
-
从步骤3开始,网桥端口13具有ifIndex编号2:
17.1.4.1.2.13 = 2
-
从第4步开始,ifIndex 2对应于端口FastEthernet 0/1:
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1
-
MAC地址00 00 0C 07 AC 08在端口Fa0/1上获知。
将此结论与以下输出进行比较:
-
用于CatOS交换机的show cam dynamic命令
-
用于Cisco IOS软件交换机的show mac命令
以下是输出示例:
crumpy# show mac Dynamic Address Count: 58 Secure Address Count: 2 Static Address (User-defined) Count: 0 System Self Address Count: 51 Total MAC addresses: 111 Maximum MAC addresses: 8192 Non-static Address Table: Destination Address Address Type VLAN Destination Port ------------------- ------------ ---- ------------------- 0000.0c07.ac08 Dynamic 1 FastEthernet0/1 0001.021b.5091 Dynamic 1 FastEthernet0/1 0001.0348.4d5a Dynamic 1 FastEthernet0/1 0001.0348.ddbf Dynamic 1 FastEthernet0/1 0001.972d.dfae Dynamic 1 FastEthernet0/1 0002.55c6.cfe7 Dynamic 1 FastEthernet0/1 0002.7d61.d400 Dynamic 1 FastEthernet0/1 …
标签:6.1,1.3,MIB,SNMP,MAC,Catalyst,17.4,3.1 来源: https://blog.csdn.net/allway2/article/details/121353889