For When You Can't Have The Real Thing
[ start | index | login ]
start > snmp > Switching Tables

Switching Tables

Created by dave. Last edited by dave, 7 years and 94 days ago. Viewed 16,507 times. #11
[diff] [history] [edit] [rdf]
labels
attachments

Querying a switch's Switching Table through SNMP

(aka the Forwarding Table from the MIB-II Bridge, formal name dot1dBridge.dot1dTpFdbTable)

$ snmpwalk -v 1 -c public 10.16.15.254 .1.3.6.1.2.1.17.4.3 | grep 0.22.54.109.180.91
SNMPv2-SMI::mib-2.17.4.3.1.1.0.22.54.109.180.91 = Hex-STRING: 00 16 36 6D B4 5B
SNMPv2-SMI::mib-2.17.4.3.1.2.0.22.54.109.180.91 = INTEGER: 8
SNMPv2-SMI::mib-2.17.4.3.1.3.0.22.54.109.180.91 = INTEGER: 3

In this case we see that 00 16 36 6D B4 5B (which in decimal is 0.22.54.109.180.91) is reachable through port 8.

The oid .1.3.6.1.2.1.17.4.3 (.iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable) is the mib-2 table detailing which interface to use to reach a particular MAC address.

The entries:

  • entry 1 is the MAC address in hex
  • entry 2 is the port to use
  • entry 3 is the type of entry (3 == "learn", which is what most of the entries will be)

If you have more than one VLAN

...beware that modern switches maintain a separate instance of the bridge MIB for each VLAN that the switch is a member of. If you don't specify one in your query (see below), then by default the switch answers with the contents of the table instance which belongs to the VLAN servicing the management interface you are querying.

If you query the switching table and you get back something that look suspiciously short, this is probably what's going on.

For a cisco, you specify the VID in the community name as so:

$  snmpwalk -v 1 -c "COMMUNITY@VID" IP .1.3.6.1.2.1.17.4.3
$  snmpwalk -v 1 -c "public@135" 1.2.3.4 .1.3.6.1.2.1.17.4.3

>>HP Forum about Ciscos

>>Dell Forum Thread on Power Edge switches

The Dell Forum suggests querying the >>Q-Bridge-MIB instead, which is 1.3.6.1.2.1.17.7.1.2.2.1.$entry.$VID.$MAC (formal name: dot1qTpFdbTable), where

  • the value for $entry=1 doesn't appear to be defined
  • the value for $entry=2 is the switch port through which the target is reachable
  • I presume the value for $entry=3 is the same as above (ie 3 = learned)
  • $VID is the VLAN ID number that the target is reachable
  • $MAC is the MAC address in decimal separated by dots
example:
# snmpwalk -v 1 -On -c $COMMUNITY $SWITCH 1.3.6.1.2.1.17.7.1.2.2.1 | grep .0.7.233.215.236.250
.1.3.6.1.2.1.17.7.1.2.2.1.2.1942.0.7.233.215.236.250 = INTEGER: 10
.1.3.6.1.2.1.17.7.1.2.2.1.3.1942.0.7.233.215.236.250 = INTEGER: 3
This tells me that the MAC address 00:07:E9:D7:EC:FA is reachable through port 10 on VLAN 1942 and it is a learned entry.

The Q-BRIDGE-MIB is also available on HP ProCurve 5412zl switches.

Note

If you are doing this with perl it may be worth knowing how to automatically convert Hex MAC to decimal OID values.

Interface names and descriptions:

  • ifDescr: 1.3.6.1.2.1.2.2.1.2.$PORT
Ciscos anyways can use other tables. You look up the ifIndex from the $PORT value you have, then use the ifIndex in the other OIDs

Object NameOID 
ifIndex1.3.6.1.4.1.9.5.1.4.1.1.11.$BLADE.$PORT 
ifName1.3.6.1.2.1.31.1.1.1.1.$ifIndex 
ifAlias1.3.6.1.2.1.31.1.1.1.18.$ifIndexThis is the "Port Label"
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt