Solved

How can I find the servers connected to a Cisco switch using SNMP

Posted on 2014-01-07
8
802 Views
Last Modified: 2014-01-14
I need to find the IP addresses of servers connected to a Cisco switch (Catalyst 6500) using SNMP. I saw that there are so many SNMP MIBs in Cisco's website, not sure which one of them is the relevant one with the OIDs for the connected servers.
0
Comment
Question by:Miritm
8 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39761870
You really can't find what servers are connected, you can tell what MAC addresses are associated with a port and then map those MAC addresses to an IP address.

Example:

a) 6500 Gi1/1 <--> PC#1

b) 6500 Gi1/2 <--> SW#2 <--> PC's #2-#20

In example "a", PC#1 is directly connected to the 6500 and it MAC and IP address will be assocated with Gi1/1.

In example "b", PC's #2 - #20 are connected to SW#2, which in turn is connected to the 6500.  The IP addresses for PC's #2 - 20 will show up on the 6500 as being associated to port Gi1/2.  There is no easy way to know that Gi1/2 is connected to a switch other than you knowing it.

A couple of articals that may help you identify which MIB's you need to look at.  If you use VLAN's, IP addresses are associated with the VLAN, so you have to look at both the ARP table and the mac address table.


http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/mibcli_f.html

https://supportforums.cisco.com/thread/2106563

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml
0
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39761982
You can use a program like switchport mapper. I have used the Quest free tools which has a switchport mapper utility, and it works well. You can get it at http://www.quest.com/free-network-tools/tools-list.aspx. This one works via SNMP and requires putting in a router to poll ARP from as well as the switch with the ports you want mapped.

Secondarily, you could use a web based app called NetDB, which I currently have running on the network I run now. It's free, Linux based, but runs constantly and keeps a database of what is connected where and follows changes, all automatically. That application can be gotten at http://netdbtracking.sourceforge.net/. I highly recommend this one.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39762005
If you know the mac of the server NIC, you might give it a try "traceroute mac". some cisco switches support tracing using mac address.
0
 

Author Closing Comment

by:Miritm
ID: 39774362
I was hoping to find the MIB and OID that should be used, but anyway still got very good input that helped me progress with this topic.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 57

Expert Comment

by:giltjr
ID: 39774769
Thanks for the points.  You can sort of do it by SNMP and MIB.  First you would need to look-up all of the IP addresses using the ARP table and create a list that include the IP address and their associated MAC address.  Then look at the mac address table and create a list that includes the MAC address and the port.

However, as I stated in the accepted answer,  that does not necessary mean that host is on that port.  It just means it gets to this switch through that port.  It could be on another switch that may be directly connected to the switch you are scanning, or it could be 2, 3, or even more switches down stream.  

In fact if you have Etherchannels, the mac address table will have the port channel number, not even the switch port.  So then you would need to figure out which switch ports  are associated with that port channel.

Quite tedious, but if you learn how to chase this down through cli commands, it can help you a lot when you are trying to find out what switch and which port on that switch a host is on.
0
 

Author Comment

by:Miritm
ID: 39774852
Hi giltjr, thanks for the helpful clarifications. So do I understand correctly that you recommend using cli commands rather than SNMP for such a task?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39774923
If you want to find a single, or a small number, of IP hosts right "now", learning how to use CLI is best.

Using SNMP can help build a list/table, but you still have to chase the "chain".

Say SW1 is your main/core switch at the "center" of your network and SW1 connected to SW2 via an Etherchannel and SW2 is then connected to SW3 and you want to find HOST22, that is connected to SW3.

So you find HOST22's MAC address.

Logon to SW1 and do a "show mac address-table | i ##:##:##:##:##:##" where the # are the mac address of HOST22.

The output show that it is connected to PO3, which is a port channel.  You do a "show po3" to see that Gi1/23 and Gi2/23" are in that port channel group.  You either know or find out that Gi1/23 and Gi2/23 connect to SW2.

Now you logon on SW2 and do "show mac address-table | i ##:##:##:##:##:##" again.

The output shows that MAC is connect via Port Gi1/13.  Again, you either know or find out that Gi1/13 is connected to SW3.

Now you logon on SW3 and do "show mac address-table | i ##:##:##:##:##:##" for a third time.  That shows that the mac is connect via port Gi1/32.  Now you either know or find out what is connected to Gi1/32.  If it is a device, then you know that host with IP address "x" is on SW3 port G1/32.

Now, you could use SNMP, but you would still have to do the queries to find the same information.  There are some SNMP programs that to port mapping, but most of them don't chase down a single IP/MAC address, nor do they chase down all chains to find the "last port" a MAC address is on.   Meaning in my example above, the host/mac address would  show up as being on SW1, SW2, and SW3.

Now you can use a port mapper application to get this and as long as you know which switch is the "last in the chain", you then know where the host is.
0
 

Author Comment

by:Miritm
ID: 39778845
giltjr, thanks a lot, this fully clarifies the situation for me!
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now