Wednesday, September 15, 2010

Use SNMP to find a device on Cisco

In my recent search for a rouge MAC address, I had dozens of Cisco switches to look through in order to find the port the address came from. I vaguely remembered hearing about someone using SNMP to track a MAC down to a specific port on a switch, and decided to take a look.

I found http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml which detailed the process of finding the port owner of a MAC via SNMP. A summary of steps are below:

  • From Step 1, the MAC address is:
    17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
  • From Step 2, the bridge port tells that the MAC address belongs to bridge port number 13:
    17.4.3.1.2.0.0.12.7.172.8 = 13 
  • From Step 3, the bridge port number 13 has ifIndex number 2:
    17.1.4.1.2.13 = 2
  • From Step 4, the ifIndex 2 corresponds to port Fast Ethernet 0/1:
    ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1

No comments: