IP : 简单网络管理协议 (SNMP)

使用SNMP端口查找在Catalyst交换机的MAC地址

2016 年 10 月 24 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈


目录


简介

本文描述如何使用简单网络管理协议(SNMP)得到在您认识MAC地址的Cisco Catalyst交换机的端口号。

先决条件

要求

本文档的读者应掌握以下这些主题的相关知识:

  • 如何从有使用的一台Catalyst交换机获得VLAN SNMP

  • 如何以SNMP使用社区字符串索引

  • walk命令的SNMP的一般用途get命令

使用的组件

本文适用于运行正常Catalyst OS的Catalyst交换机(CatOS)或思科IOSï ¿  ½软件。软件支持BRIDGE-MIBIF-MIB

本文档中的信息基于以下软件和硬件版本:

  • 运行Cisco IOS软件版本12.0(5)WC5a的Catalyst 3524XL

  • Net-snmp版本5.0.6

    注意: 要得到此软件,参考Net-snmpleavingcisco.com

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

背景

关于如何查询内容寻址存储器(CAM)表的更多信息, VLAN和所有相关MIB,例如CISCO-VTP-MIB和BRIDGE-MIB,参考本文的Background部分如何获得动态CAM条目(CAM表)使用SNMP, Catalyst交换机的

MIB变量的详细信息,包括对象标识符(OIDs)

.1.3.6.1.2.1.17.4.3.1.1 
dot1dTpFdbAddress OBJECT-TYPE
         -- FROM BRIDGE-MIB
         -- TEXTUAL CONVENTION MacAddress
         SYNTAX          OCTET STRING (6)
         MAX-ACCESS      read-only
         STATUS          Mandatory
         DESCRIPTION    "A unicast MAC address for which the bridge has forwarding 
                 and/or filtering information." 
::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) 
dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 1 } 

.1.3.6.1.2.1.17.4.3.1.2
dot1dTpFdbPort OBJECT-TYPE
         -- FROM BRIDGE-MIB
         SYNTAX          Integer
         MAX-ACCESS      read-only
         STATUS          Mandatory
         DESCRIPTION    "Either the value "0", or the port number of the port on which 
                 a frame having a source 
                 address equal to the value of the corresponding instance of 
                 dot1dTpFdbAddress has been seen.  
                 A value of "0" indicates that the port number has not been learned, 
                 but that the bridge does 
                 have some forwarding/filtering information about this address (that is,
                 in the StaticTable).
                       Implementors are encouraged to assign the port value to this 
                 object whenever it is 
                 learned, even for addresses for which the corresponding value of 
                 dot1dTpFdbStatus is not learned(3)." 
::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) dot1dBridge(17) dot1dTp(4) 
dot1dTpFdbTable(3) dot1dTpFdbEntry(1) 2 } 

.1.3.6.1.2.1.2.2.1.1
ifIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION      "A unique value, greater than zero, for each interface.  It
            is recommended that values are assigned contiguously
            starting from 1.  The value for each interface sub-layer
            must remain constant at least from one re-initialization of
            the entity's network management system to the next re-
            initialization."
    ::= { ifEntry 1 }

.1.3.6.1.2.1.17.1.4.1.2	
dot1dBasePortIfIndex OBJECT-TYPE
              SYNTAX  INTEGER
              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION
                      "The value of the instance of the ifIndex object,
                      defined in MIB-II, for the interface corresponding
                      to this port."
              ::= { dot1dBasePortEntry 2 }

.1.3.6.1.2.1.31.1.1.1.1
ifName OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION    "The textual name of the interface.  The value of this
            object should be the name of the interface as assigned by
            the local device and should be suitable for use in commands
            entered at the device's `console'.  This might be a text
            name, such as `le0' or a simple port number, such as `1',
            depending on the interface naming syntax of the device.  If
            several entries in the ifTable together represent a single
            interface as named by the device, then each will have the
            same value of ifName.  Note that for an agent which responds
            to SNMP queries concerning an interface on some other
            (proxied) device, then the value of ifName for such an
            interface is the proxied device's local name for it.
            If there is no local name, or this object is otherwise not
            applicable, then this object contains a zero-length string."
    ::= { ifXEntry 1 }

获得MAC地址了解的端口号

逐步指导

完成在此部分的步骤为了使用SNMP获得MAC地址了解的端口号。考虑端口号在VLAN1。

注意: 在in命令此部分:

  • 公共是读取公用字符串。

  • @1是读取公用字符串的VLAN1零件。

  • crumpy是设备主机名。

    注意: 您能也使用IP地址此主机名。

注意: 结论部分使用在命令输出中出现以斜体字的值。

  1. 获取VLAN。请使用snmpwalk命令在vtpVlanState对象(.1.3.6.1.4.1.9.9.46.1.3.1.1.2) :

    %snmpwalk -c public crumpy .1.3.6.1.4.1.9.9.46.1.3.1.1.2
    CISCO-VTP-MIB::vtpVlanState.1.1 = INTEGER: operational(1)
    CISCO-VTP-MIB::vtpVlanState.1.3 = INTEGER: operational(1)
    CISCO-VTP-MIB::vtpVlanState.1.7 = INTEGER: operational(1)
    CISCO-VTP-MIB::vtpVlanState.1.10 = INTEGER: operational(1)
    ...

    注意: 此命令使用社区字符串索引。命令也使用vtpVlanState,有OID .1.3.6.1.4.1.9.9.46.1.3.1.1.2。如果装载MIB对您的网络管理系统(NMS),您能使用对象名而不是OID。发出此命令:

    %snmpwalk -c public@1 crumpy vtpVlanState
    

    注意: 您在步骤2至6.能也使用对象名。

  2. 发出此命令为了通过考虑得到MAC地址表端口属于VLAN1:

    snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.1
    
    17.4.3.1.1.0.0.12.7.172.8 =  Hex: 00 00 0C 07 AC 08
    17.4.3.1.1.0.1.2.27.80.145 =  Hex: 00 01 02 1B 50 91
    17.4.3.1.1.0.1.3.72.77.90 =  Hex: 00 01 03 48 4D 5A
    17.4.3.1.1.0.1.3.72.221.191 =  Hex: 00 01 03 48 DD BF
    ...

    注意: 在社区字符串以后提供适当的VLAN号。在本例中,它是VLAN1。

    命令一览表在所有端口了解属于VLAN1的所有MAC地址。

  3. 发出此命令确定VLAN1:的网桥端口号

    snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.4.3.1.2 
    
    17.4.3.1.2.0.0.12.7.172.8 = 13
    17.4.3.1.2.0.1.2.27.80.128 = 13
    17.4.3.1.2.0.1.2.27.80.145 = 13
    17.4.3.1.2.0.1.2.163.145.225 = 13
    ...

    注意: VLAN1是dot1dTpFdbPort或者.1.3.6.1.2.1.17.4.3.1.2

  4. 发出此命令映射网桥端口到IfIndex, OID .1.3.6.1.2.1.2.2.1.1

    snmpwalk -c public@1 crumpy .1.3.6.1.2.1.17.1.4.1.2 
    
    17.1.4.1.2.13 = 2
    17.1.4.1.2.14 = 3
    17.1.4.1.2.15 = 4
    17.1.4.1.2.16 = 5

    此命令查询dot1dBasePortIfIndex,有OID .1.3.6.1.2.1.17.1.4.1.2

  5. ifName使用walk命令为了关联IfIndex值与一个正确端口名。

    发出以下命令:

    注意: ifName有OID .1.3.6.1.2.1.31.1.1.1.1

    snmpwalk -c public@1 crumpy .1.3.6.1.2.1.31.1.1.1.1 
    
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.1 = VL1
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.3 = Fa0/2
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.4 = Fa0/3
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.5 = Fa0/4
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.6 = Fa0/5
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.7 = Fa0/6
    ...
  6. 连接对地址了解的端口的MAC地址。

    • 从Step1, MAC地址是:

      17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
    • 从步骤2,网桥端口告诉MAC地址属于网桥端口号13 :

      17.4.3.1.2.0.0.12.7.172.8 = 13 
    • 从步骤3,网桥端口号13有IfIndex第2 :

      17.1.4.1.2.13 = 2
    • 从步骤4, IfIndex 2对应于端口快速以太网0/1 :

      ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1

结论

MAC地址00 00个0C 07 AC 08在端口Fa0/1了解。

比较与输出的此结论从:

  • show cam dynamic命令CatOS交换机的

  • show mac命令Cisco IOS软件交换机的

这是输出示例: :

crumpy# show mac
Dynamic Address Count:                 58
Secure Address Count:                  2
Static Address (User-defined) Count:   0
System Self Address Count:             51
Total MAC addresses:                   111
Maximum MAC addresses:                 8192
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  -------------------

0000.0c07.ac08       Dynamic          1  FastEthernet0/1

0001.021b.5091       Dynamic          1  FastEthernet0/1
0001.0348.4d5a       Dynamic          1  FastEthernet0/1
0001.0348.ddbf       Dynamic          1  FastEthernet0/1
0001.972d.dfae       Dynamic          1  FastEthernet0/1
0002.55c6.cfe7       Dynamic          1  FastEthernet0/1
0002.7d61.d400       Dynamic          1  FastEthernet0/1
…

相关信息


Document ID: 44800