asked on
How can I find the servers connected to a Cisco switch using SNMP
I need to find the IP addresses of servers connected to a Cisco switch (Catalyst 6500) using SNMP. I saw that there are so many SNMP MIBs in Cisco's website, not sure which one of them is the relevant one with the OIDs for the connected servers.
Switches / HubsNetworkingNetwork Management
Last Comment
Miritm
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you know the mac of the server NIC, you might give it a try "traceroute mac". some cisco switches support tracing using mac address.
ASKER
I was hoping to find the MIB and OID that should be used, but anyway still got very good input that helped me progress with this topic.
Thanks for the points. You can sort of do it by SNMP and MIB. First you would need to look-up all of the IP addresses using the ARP table and create a list that include the IP address and their associated MAC address. Then look at the mac address table and create a list that includes the MAC address and the port.
However, as I stated in the accepted answer, that does not necessary mean that host is on that port. It just means it gets to this switch through that port. It could be on another switch that may be directly connected to the switch you are scanning, or it could be 2, 3, or even more switches down stream.
In fact if you have Etherchannels, the mac address table will have the port channel number, not even the switch port. So then you would need to figure out which switch ports are associated with that port channel.
Quite tedious, but if you learn how to chase this down through cli commands, it can help you a lot when you are trying to find out what switch and which port on that switch a host is on.
However, as I stated in the accepted answer, that does not necessary mean that host is on that port. It just means it gets to this switch through that port. It could be on another switch that may be directly connected to the switch you are scanning, or it could be 2, 3, or even more switches down stream.
In fact if you have Etherchannels, the mac address table will have the port channel number, not even the switch port. So then you would need to figure out which switch ports are associated with that port channel.
Quite tedious, but if you learn how to chase this down through cli commands, it can help you a lot when you are trying to find out what switch and which port on that switch a host is on.
ASKER
Hi giltjr, thanks for the helpful clarifications. So do I understand correctly that you recommend using cli commands rather than SNMP for such a task?
If you want to find a single, or a small number, of IP hosts right "now", learning how to use CLI is best.
Using SNMP can help build a list/table, but you still have to chase the "chain".
Say SW1 is your main/core switch at the "center" of your network and SW1 connected to SW2 via an Etherchannel and SW2 is then connected to SW3 and you want to find HOST22, that is connected to SW3.
So you find HOST22's MAC address.
Logon to SW1 and do a "show mac address-table | i ##:##:##:##:##:##" where the # are the mac address of HOST22.
The output show that it is connected to PO3, which is a port channel. You do a "show po3" to see that Gi1/23 and Gi2/23" are in that port channel group. You either know or find out that Gi1/23 and Gi2/23 connect to SW2.
Now you logon on SW2 and do "show mac address-table | i ##:##:##:##:##:##" again.
The output shows that MAC is connect via Port Gi1/13. Again, you either know or find out that Gi1/13 is connected to SW3.
Now you logon on SW3 and do "show mac address-table | i ##:##:##:##:##:##" for a third time. That shows that the mac is connect via port Gi1/32. Now you either know or find out what is connected to Gi1/32. If it is a device, then you know that host with IP address "x" is on SW3 port G1/32.
Now, you could use SNMP, but you would still have to do the queries to find the same information. There are some SNMP programs that to port mapping, but most of them don't chase down a single IP/MAC address, nor do they chase down all chains to find the "last port" a MAC address is on. Meaning in my example above, the host/mac address would show up as being on SW1, SW2, and SW3.
Now you can use a port mapper application to get this and as long as you know which switch is the "last in the chain", you then know where the host is.
Using SNMP can help build a list/table, but you still have to chase the "chain".
Say SW1 is your main/core switch at the "center" of your network and SW1 connected to SW2 via an Etherchannel and SW2 is then connected to SW3 and you want to find HOST22, that is connected to SW3.
So you find HOST22's MAC address.
Logon to SW1 and do a "show mac address-table | i ##:##:##:##:##:##" where the # are the mac address of HOST22.
The output show that it is connected to PO3, which is a port channel. You do a "show po3" to see that Gi1/23 and Gi2/23" are in that port channel group. You either know or find out that Gi1/23 and Gi2/23 connect to SW2.
Now you logon on SW2 and do "show mac address-table | i ##:##:##:##:##:##" again.
The output shows that MAC is connect via Port Gi1/13. Again, you either know or find out that Gi1/13 is connected to SW3.
Now you logon on SW3 and do "show mac address-table | i ##:##:##:##:##:##" for a third time. That shows that the mac is connect via port Gi1/32. Now you either know or find out what is connected to Gi1/32. If it is a device, then you know that host with IP address "x" is on SW3 port G1/32.
Now, you could use SNMP, but you would still have to do the queries to find the same information. There are some SNMP programs that to port mapping, but most of them don't chase down a single IP/MAC address, nor do they chase down all chains to find the "last port" a MAC address is on. Meaning in my example above, the host/mac address would show up as being on SW1, SW2, and SW3.
Now you can use a port mapper application to get this and as long as you know which switch is the "last in the chain", you then know where the host is.
ASKER
giltjr, thanks a lot, this fully clarifies the situation for me!
Secondarily, you could use a web based app called NetDB, which I currently have running on the network I run now. It's free, Linux based, but runs constantly and keeps a database of what is connected where and follows changes, all automatically. That application can be gotten at http://netdbtracking.sourceforge.net/. I highly recommend this one.